On 20/11/15 00:34, Kathleen Wilson wrote:
There are two proposals on the table...
Proposal A:
~~
8. We consider the algorithms and key sizes specified in section 6.1.5
of version 1.3 or later of the CA/Browser Forum Baseline Requirements
for the Issuance and Management of Publicly-Trusted
On Fri, Nov 20, 2015 at 2:14 AM, Rob Stradling
wrote:
> On 20/11/15 00:34, Kathleen Wilson wrote:
>
>> There are two proposals on the table...
>>
>> Proposal A:
>> ~~
>> 8. We consider the algorithms and key sizes specified in section 6.1.5
>> of version 1.3 or later of
I'm all for modern crypto, but to be honest, these are a little far away. The
OIDs for Ed25519 aren't final yet, and I'm not aware of any work on putting
SHA-3 in X.509 yet.
I think the right approach here is to delegate this to the BRs.
--Richard
On Thursday, November 5, 2015 at 3:03:05 PM
On 2015-11-05 19:46, Kathleen Wilson wrote:
Another option is to delete this section from Mozilla's policy, because
it is covered by the Baseline Requirements. However, the Baseline
Requirements allows for DSA, which Mozilla does not support.
Maybe the BR should be updated to remove DSA
On 05/11/15 20:01, s...@gmx.ch wrote:
I would like to see SHA-3 signatures and Ed25519/curve25519 ASAP.
The later one is not that far away [1].
Maybe it's the right time to consider them?
I would like to (and I expect to) see these in a future version of the BRs.
There seems little point in
On 2015-11-05 21:01, s...@gmx.ch wrote:
I would like to see SHA-3 signatures and Ed25519/curve25519 ASAP.
The later one is not that far away [1].
Maybe it's the right time to consider them?
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=957105
This is about certificate, so as far as I know
The next two topics to discuss [1] have to do with section 8 of
Mozilla’s CA Certificate Maintenance Policy.
The proposals are:
- (D15) Deprecate SHA-1 Hash Algorithms in certs.
and
- (D4) In item #8 of the Maintenance Policy recommend that CAs avoid
SHA-512 and P-521, especially in their CA
On 11/5/15 10:58 AM, David E. Ross wrote:
Rather than list acceptable key types and sizes, cite the Baseline
Requirements along with listing exceptions, both types and sizes that
are not supported but are in the BR and types and sizes that are
supported but are not in the BR. I would not be
I would like to see SHA-3 signatures and Ed25519/curve25519 ASAP.
The later one is not that far away [1].
Maybe it's the right time to consider them?
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=957105
Am 05.11.2015 um 19:46 schrieb Kathleen Wilson:
> The next two topics to discuss [1] have
On 11/5/2015 11:10 AM, Kathleen Wilson wrote:
> On 11/5/15 10:58 AM, David E. Ross wrote:
>>
>> Rather than list acceptable key types and sizes, cite the Baseline
>> Requirements along with listing exceptions, both types and sizes that
>> are not supported but are in the BR and types and sizes
10 matches
Mail list logo