Paul Hoffman wrote: > At 11:02 AM -0400 5/30/08, Frank Hecker wrote: >> I'd be glad to soften the language >> about "cause for concern", but I still want to flag 1024-bit roots as >> worthy of a further explanation. (E.g., is this a root created some time >> ago that is only now being proposed for inclusion? Was/is the root >> intended for use in low-end devices where performance was deemed an >> issue? Did the CA not think about the issue of modulus length at all? >> And so on.) > > Ah! That sounds reasonable. "Cause for further checking" covers that > without making it seem that we're concerned just about the length.
I made a change to the wiki page to reflect my previous comments. > BTW, I would flag *all* ECC certs with "Cause for further checking" due > to the very low amount of interop testing that has been done with them. > Again, not to say "don't do this", just "we want to ask a few questions > that might start a dialog". I haven't made a change for this yet. I think I need a separate questions relating to the public key scheme used; that would be an appropriate place to discuss this. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto