There has been evidence of Microsoft, at the least, following this group and acting on good ideas that started here. While it'd be nice if that organization would comment here, I think that if they like this plan (or anything like this plan) they'll implement it and it'll end up being a fait accompli.
January 1 2009 particularly because it provides slightly less than 2 quarters of notice. Honestly, I would be quite happy if it went into effect immediately; however, I do know that some Cisco VPN equipment doesn't like 4096-bit root keys. I don't know if it likes 2048-bit keys. I would treat 'new' as 'new request'. And I don't know if anyone's tried to submit a 1024-bit root recently. -Kyle H On Wed, Jun 4, 2008 at 2:14 AM, Gervase Markham <[EMAIL PROTECTED]> wrote: > Paul Hoffman wrote: >> Proposal: >> a) Starting January 1 2009, all new CA roots must be 2048 bit RSA or 256 >> bit EC. > > Why January 1 2009 particularly? > > By new, do you mean newly-generated, or new to us? > > Has any CA actually attempted to get a recently-generated 1024-bit root > included? > >> b) Starting January 1 2014, all CA roots must be 2048 bit RSA or 256 bit >> EC. > > It would make most sense to coordinate such a policy with other browser > vendors, if possible. > > Gerv > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto