Re: Policy Update: section 8 of Maintenance Policy

2015-11-20 Thread Rob Stradling
On 20/11/15 00:34, Kathleen Wilson wrote: There are two proposals on the table... Proposal A: ~~ 8. We consider the algorithms and key sizes specified in section 6.1.5 of version 1.3 or later of the CA/Browser Forum Baseline Requirements for the Issuance and Management of Publicly-Trusted

Re: Policy Update: section 8 of Maintenance Policy

2015-11-20 Thread Richard Barnes
On Fri, Nov 20, 2015 at 2:14 AM, Rob Stradling wrote: > On 20/11/15 00:34, Kathleen Wilson wrote: > >> There are two proposals on the table... >> >> Proposal A: >> ~~ >> 8. We consider the algorithms and key sizes specified in section 6.1.5 >> of version 1.3 or later of

Re: Policy Update: section 8 of Maintenance Policy

2015-11-09 Thread rbarnes
I'm all for modern crypto, but to be honest, these are a little far away. The OIDs for Ed25519 aren't final yet, and I'm not aware of any work on putting SHA-3 in X.509 yet. I think the right approach here is to delegate this to the BRs. --Richard On Thursday, November 5, 2015 at 3:03:05 PM

Re: Policy Update: section 8 of Maintenance Policy

2015-11-06 Thread Kurt Roeckx
On 2015-11-05 19:46, Kathleen Wilson wrote: Another option is to delete this section from Mozilla's policy, because it is covered by the Baseline Requirements. However, the Baseline Requirements allows for DSA, which Mozilla does not support. Maybe the BR should be updated to remove DSA

Re: Policy Update: section 8 of Maintenance Policy

2015-11-06 Thread Rob Stradling
On 05/11/15 20:01, s...@gmx.ch wrote: I would like to see SHA-3 signatures and Ed25519/curve25519 ASAP. The latter one is not that far away [1]. Maybe it's the right time to consider them? I would like to (and I expect to) see these in a future version of the BRs. There seems little point in

Re: Policy Update: section 8 of Maintenance Policy

2015-11-06 Thread Kurt Roeckx
On 2015-11-05 21:01, s...@gmx.ch wrote: I would like to see SHA-3 signatures and Ed25519/curve25519 ASAP. The latter one is not that far away [1]. Maybe it's the right time to consider them? [1] https://bugzilla.mozilla.org/show_bug.cgi?id=957105 This is about certificates, so as far as I know

Policy Update: section 8 of Maintenance Policy

2015-11-05 Thread Kathleen Wilson
The next two topics to discuss [1] have to do with section 8 of Mozilla's CA Certificate Maintenance Policy. The proposals are:
- (D15) Deprecate SHA-1 Hash Algorithms in certs.
and
- (D4) In item #8 of the Maintenance Policy recommend that CAs avoid SHA-512 and P-521, especially in their CA

Re: Policy Update: section 8 of Maintenance Policy

2015-11-05 Thread Kathleen Wilson
On 11/5/15 10:58 AM, David E. Ross wrote: Rather than list acceptable key types and sizes, cite the Baseline Requirements along with listing exceptions, both types and sizes that are not supported but are in the BR and types and sizes that are supported but are not in the BR. I would not be

Re: Policy Update: section 8 of Maintenance Policy

2015-11-05 Thread sjw
I would like to see SHA-3 signatures and Ed25519/curve25519 ASAP. The latter one is not that far away [1]. Maybe it's the right time to consider them? [1] https://bugzilla.mozilla.org/show_bug.cgi?id=957105 On 05.11.2015 at 19:46, Kathleen Wilson wrote: > The next two topics to discuss [1] have

Re: Policy Update: section 8 of Maintenance Policy

2015-11-05 Thread David E. Ross
On 11/5/2015 11:10 AM, Kathleen Wilson wrote: > On 11/5/15 10:58 AM, David E. Ross wrote: >> >> Rather than list acceptable key types and sizes, cite the Baseline >> Requirements along with listing exceptions, both types and sizes that >> are not supported but are in the BR and types and sizes