[cabfpub] Need exception to 1024-bit revocation requirement

Gervase Markham gerv at mozilla.org
Sat Jun 8 01:19:15 MST 2013


On 08/06/13 01:24, Robert Relyea wrote:
> So these certs are SSL capable certificates, which chain to a browser
> trusted PKI. If someone captured one of the certs, and then compromised
> the 1024 bit key, they could masquerade as any hostname these certs
> advertise.

Right - but those hostnames are going to be things like
terminalauthserver.hsbc.com or pindevices.barclays.co.uk. They aren't
going to be the same servers (I hope!) that banks are running consumer
websites on.

Gerv


More information about the Public mailing list