[cabfpub] RSA keysize violations

Rob Stradling rob.stradling at comodo.com
Wed Jan 8 13:27:31 UTC 2014

On 06/01/14 12:43, Rob Stradling wrote:
>>> The cut-off date for <2048-bit keys was a few days ago.

Sigh.  Looks like at least 2 CAs haven't yet noticed.  :-(

1. C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=e-Guven Kok Elektronik 
Sertifika Hizmet Saglayicisi
(Trusted by the Microsoft and Mozilla root programs)

   - notBefore = Jan 2nd 2014 / Jan 6th 2014.
   - 1024-bit RSA key.
   - Issued directly by a Root Certificate.
   - Several required extensions missing.

2. C=CZ, CN=I.CA - Standard root certificate, O=Prvni certifikacni 
autorita a.s.
(Trusted by the Microsoft root program)

   - notBefore = Jan 2nd 2014.
   - 1024-bit RSA key.
   - Issued directly by a Root Certificate (although these might qualify 
as "infrastructure" or "testing" certs, as per BRs Section 12).
   - Several required extensions missing.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the Public mailing list