[cabfpub] Need exception to 1024-bit revocation requirement

Rick Andrews Rick_Andrews at symantec.com
Mon Sep 23 06:57:39 MST 2013


Gerv,

No final resolution yet, although I'm planning to resolve it by removing the affected roots (they're 1024-bit) from browsers, thus releasing them from Baseline Requirements. It's taking time because I'm trying to figure out the impact to other customers. 

-Rick

On Sep 23, 2013, at 4:53 PM, "Gervase Markham" <gerv at mozilla.org> wrote:

> Hi everyone.
> 
> On 06/06/13 20:36, Rick Andrews wrote:
>> It’s come to our attention that we’ve issued 1024-bit SSL certs to
>> customers that use them with what are called “pre-PCI POS PIN acceptance
>> devices”, and that those devices are incapable of working with a
>> 2048-bit key. VISA has stated that those devices may be used until
>> December 31, 2014 (see
>> _http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CDcQFjAA&url=http%3A%2F%2Fusa.visa.com%2Fdownload%2Fmerchants%2Fretirement-of-pre-pci-attended-pos-pin-entry-devices.pdf&ei=Nd6wUaa2ForXigKb-4BY&usg=AFQjCNHtHptM1jQudRTl8pnMx-MKC7z6fw&sig2=ItouLeVwv8wkQYGpi9nPVQ&bvm=bv.47534661,d.cGE_)
>> , and our customers feel that revoking them will cause grave financial harm.
> 
> Can someone remind me of the resolution, if any, of the discussion on
> this issue?
> 
> Thanks,
> 
> Gerv


More information about the Public mailing list