[cabfpub] Proposed addition to BRs allowing issuance of <2048

Rick Andrews Rick_Andrews at symantec.com
Thu Jun 13 19:57:47 UTC 2013


Your previous suggestion (that these certs not be accessible publicly over HTTPS) is not workable. I’m working with two customers now whose servers are publicly accessible, but not meant to be used by browsers.


From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Thursday, June 13, 2013 12:47 PM
To: public at cabforum.org
Subject: Re: [cabfpub] Proposed addition to BRs allowing issuance of <2048

On 06/13/2013 10:42 PM, From Rick Andrews:

One more thing I forgot to mention: Tom Albertson of Microsoft made it clear that his metric is whether or not the existence of the certificate in question can cause harm to Windows users (not just IE users). For him, it's not enough that the certificate is not used by a browser. He would like us to pay attention to the possibility that a 1024-bit certificate might harm Windows users.

He's probably right, but it's out of the scope of the BR and EV guidelines. Hence my previous suggestion (your additional comment above might not be related though).



Eddy Nigg, COO/CTO

StartCom Ltd.<http://www.startcom.org>


startcom at startcom.org<xmpp:startcom at startcom.org>


Join the Revolution!<http://blog.startcom.org>


Follow Me<http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130613/e1f26930/attachment-0003.html>

More information about the Public mailing list