[145970] in cryptography@c2.net mail archive
Re: Formal notice given of rearrangement of deck chairs on RMS
daemon@ATHENA.MIT.EDU (Thor Lancelot Simon)
Wed Oct 6 18:34:44 2010
Date: Wed, 6 Oct 2010 16:43:45 -0400
From: Thor Lancelot Simon <tls@rek.tjls.com>
To: Matt Crawford <crawdad@fnal.gov>
Cc: Cryptography List <cryptography@metzdowd.com>,
Victor Duchovni <Victor.Duchovni@morganstanley.com>
In-Reply-To: <3CB901DE-F96C-4900-922B-B798E0F21EA3@fnal.gov>
On Wed, Oct 06, 2010 at 01:32:00PM -0500, Matt Crawford wrote:
>
> That is, if your CA key size is smaller, stop signing with it.

You may have missed the next sentence of Mozilla's statement:

> All CAs should stop issuing intermediate and end-entity certificates with
> RSA key size smaller than 2048 bits under any root.

That is, no matter how long your root key is (the previous sentence
stated the requirements about _that_) you may not use it to sign any
end-entity certificate whose key size is < 2048 bits.

Gun: check.
Bullets: check.
Feet: check.

Now they have everything they need to prevent HTTPS Everywhere.

Thor