Please remove the following two root certificates from NSS: CN = America Online Root Certification Authority 1 O = America Online Inc. SHA-1 Fingerprint: 39:21:C1:15:C1:5D:0E:CA:5C:CB:5B:C4:F0:7D:21:D8:05:0B:56:6A CN = America Online Root Certification Authority 2 O = America Online Inc. SHA-1 Fingerprint: 85:B5:FF:67:9B:0C:79:96:1F:C8:6E:44:22:00:46:13:DB:17:92:84 This was noted in AOL's response to the May CA Communication. https://wiki.mozilla.org/CA:Communications#May_2014_Responses "* Both roots may be removed after Dec 31, 2014" I am in email contact with the corresponding Program Manager of Team AOL, and she said they are ready for these root certificates to be removed in Firefox 35.
Test builds, which removes the roots, can be found here: http://email@example.com/
I confirmed removal of these two root certificates in the test build.
In this comment I'm simply documenting something I've looked up. I learned these certificates used 2048-bit and 4096-bit keys, so I conclude these removals weren't motivated by phasing out 1024-bit keys.