On Mon, March 16, 2015 1:06 pm, Erwann Abalea wrote:
> > Phase RSA1024 out? I vote for it. Where's the ballot? :)

This is a browser-side change. No ballot required (the only issue *should* be non-BR compliant certificates issued before the BR effective date).

https://code.google.com/p/chromium/issues/detail?id=467663 for Chrome, but unfortunately, can't share the user data as widely. Perhaps Mozilla will consider collecting this as part of their telemetry (if they aren't already).

This still leaves 'internal CAs' as an open issue. However, we can limit the enforcement to signatures that chain to a trusted CA, significantly reducing the risk to end users of state-sponsored key factoring of 1024-bit keys. Which is certainly a reasonable concern, even for the most paranoid.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto