[cabfpub] Proposed addition to BRs allowing issuance of <2048

[Rick Andrews]

Eddy,

Your previous suggestion (that these certs not be accessible publicly over HTTPS) is not workable. I’m working with two customers now whose servers are publicly accessible, but not meant to be used by browsers.

-Rick

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Thursday, June 13, 2013 12:47 PM
To: public at cabforum.org
Subject: Re: [cabfpub] Proposed addition to BRs allowing issuance of <2048


On 06/13/2013 10:42 PM, From Rick Andrews:

One more thing I forgot to mention: Tom Albertson of Microsoft made it clear that his metric is whether or not the existence of the certificate in question can cause harm to Windows users (not just IE users). For him, it's not enough that the certificate is not used by a browser. He would like us to pay attention to the possibility that a 1024-bit certificate might harm Windows users.

He's probably right, but it's out of the scope of the BR and EV guidelines. Hence my previous suggestion (your additional comment above might not be related though).

Regards



Signer:

Eddy Nigg, COO/CTO



StartCom Ltd.<http://www.startcom.org>

XMPP:

startcom at startcom.org<xmpp:startcom at startcom.org>

Blog:

Join the Revolution!<http://blog.startcom.org>

Twitter:

Follow Me<http://twitter.com/eddy_nigg>




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130613/e1f26930/attachment-0003.html>