It's still permitted in the policy. https://www.mozilla.org/en-US/about/governance/policies/security-group/certs /policy/#inclusion
Section 8. -----Original Message----- From: dev-tech-crypto [mailto:dev-tech-crypto-bounces+jeremy.rowley=digicert....@lists.mozilla.org ] On Behalf Of Martin Thomson Sent: Wednesday, February 15, 2017 5:06 PM To: mozilla's crypto code discussion list <dev-tech-crypto@lists.mozilla.org> Cc: mozilla-dev-tech-crypto <mozilla-dev-tech-cry...@lists.mozilla.org> Subject: Re: xmlsec / ECDSA problem On Thu, Feb 16, 2017 at 4:22 AM, Gervase Markham <g...@mozilla.org> wrote: > Did things break when we disabled it? A few things. It lasted less than a day in Nightly before we got multiple bug reports. > Do we know why Chrome decided not to support it? Two NIST curves is enough? That's my understanding. P-521 isn't busted, it's just a little inefficient and not enough stronger than P-384 (or X448) that it is worth keeping around when faced with a working quantum computer. That and the fact that more options is more code to carry, more options to signal, and so forth. I think that's the reasoning. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
smime.p7s
Description: S/MIME cryptographic signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto