Sorry, you're right -- I inferred incorrectly from filtering censys.io on key size.
On Sat, Dec 12, 2015 at 9:56 PM, Yuhong Bao <yuhongbao_...@hotmail.com> wrote: > The VeriSign "Class 3 Public Primary Certification Authority - G2" is also > 1024-bit. > > ---------------------------------------- > > Date: Sat, 12 Dec 2015 20:07:57 -0500 > > Subject: RE: Remove trust of Symantec's Class 3 Public Primary > Certification Authority? > > From: e...@konklone.com > > To: yuhongbao_...@hotmail.com > > CC: mozilla-dev-security-pol...@lists.mozilla.org; k...@roeckx.be > > > > The G2 root identified by Peter is 2048-bit. > > > > -- Eric > > On Dec 12, 2015 7:56 PM, "Yuhong Bao" <yuhongbao_...@hotmail.com> wrote: > > > >> I think this and most of the other 1024-bit roots was removed or > >> restricted to email in Mozilla some time ago (last remaining one is > >> Equifax). They had been consider obsolete for a long time. > >> > >>> Date: Sun, 13 Dec 2015 00:41:45 +0100 > >>> From: k...@roeckx.be > >>> To: mozilla-dev-security-pol...@lists.mozilla.org > >>> Subject: Remove trust of Symantec's Class 3 Public Primary > >> Certification Authority? > >>> > >>> Hi, > >>> > >>> It seems that Symantec will stop using the "VeriSign G1" root > >>> certificate. In the announcement[1] they say: "Browsers may > >>> remove TLS/SSL support for certificates issued from these roots." > >>> > >>> The name of the certificate seems to be "Class 3 Public Primary > >>> Certification Authority". > >>> > >>> It seems google plans[2] to remove the TLS trust bits, and distrut > >>> it instead. > >>> > >>> The announcement says that it's also used for code signing, but > >>> it's not clear that it's still going to be used for that or not. > >>> > >>> Should Mozilla follow and disable the TLS trust bits? Add it to > >>> the distrusted list? > >>> > >>> > >>> Kurt > >>> > >>> [1]: > >> > https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941&actp=LIST&viewlocale=en_US > >>> [2]: > >> > https://googleonlinesecurity.blogspot.be/2015/12/proactive-measures-in-digital.html > >>> > >>> _______________________________________________ > >>> dev-security-policy mailing list > >>> dev-security-policy@lists.mozilla.org > >>> https://lists.mozilla.org/listinfo/dev-security-policy > >> > >> _______________________________________________ > >> dev-security-policy mailing list > >> dev-security-policy@lists.mozilla.org > >> https://lists.mozilla.org/listinfo/dev-security-policy > >> > > _______________________________________________ > > dev-security-policy mailing list > > dev-security-policy@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-security-policy > > -- konklone.com | @konklone <https://twitter.com/konklone> _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy