[cabfpub] Need exception to 1024-bit revocation requirement

Rick Andrews Rick_Andrews at symantec.com
Fri Jun 7 17:31:50 MST 2013


> So these certs are SSL capable certificates, which chain to a browser
> trusted PKI. If someone captured one of the certs, and then compromised
> the 1024 bit key, they could masquerade as any hostname these certs
> advertise.
> 
> That risk would be mitigated if there were no hostname in the CN or in
> the Subject Alt Name. It's probably likely the case that there isn't.
> Do you know Rick?

Bob, I know that they *do* have hostnames in them. 

-Rick


More information about the Public mailing list