[cabfpub] Need exception to 1024-bit revocation requirement

Rick Andrews Rick_Andrews at symantec.com
Fri Jun 7 09:29:35 MST 2013


The problem is that any CA that has issued such SSL certs to such non-web PKI applications, and needs to continue to issue them for business continuity, will fail their audit and will have to engage in a discussion with each trust store owner to convince them to retain their roots. 

It's not just us and its not just this particular usage. Other CAs have the same issue. 

-Rick

On Jun 7, 2013, at 9:13 AM, "Phillip" <philliph at comodo.com> wrote:

> I thought that the original point of the drop dead date was that the browsers are going to stop trusting 1024 bit certs at some point in the future.
> 
> Ergo there should be no need for an exception. Mozilla, IE, Google etc. just turn off support for the 1024 bit certs in their browsers. The Visa certs are issued as before but the only devices that will accept them are the Visa POS terminals. (Point of Sale)
> 
> So what is the problem?


More information about the Public mailing list