1024 bit root removal in the news

In case nobody saw it yet, those things were in the news: https://community.rapid7.com/community/infosec/sonar/blog/2014/09/04/107000-web-sites-no-longer-trusted-by-mozilla http://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114 I think those are misleading:

RE: GlobalSign Request to Include ECC Roots

Hi Kathleen, As discussed below, the changes were submitted and approved and we now have new versions of the CP and CPS, however rather than send around this list I prefer them to be published following our standard internal operating procedures (which will take a few more days). However in

Re: 1024 bit root removal in the news

- Original Message - From: Kurt Roeckx k...@roeckx.be To: mozilla-dev-security-pol...@lists.mozilla.org Sent: Monday, 8 September, 2014 10:48:35 AM Subject: 1024 bit root removal in the news In case nobody saw it yet, those things were in the news:

Security Blog about 1024-bit certs

All, I posted a security blog about 1024-bit certs... https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/ Kathleen ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org