Closed Bug 380059 Opened 18 years ago Closed 16 years ago

CA Cert Policy: Specify minimum key sizes

Categories

(mozilla.org :: Governance, task)

Product:
mozilla.org
Component:
Governance
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: gerv, Unassigned)

Details

One suggestion for a future revision of the CA Cert Policy is that we should specify minimum key sizes, either just for roots or for roots, intermediates and end entity certificates. The exact restrictions would need to be discussed, but doubtless we would take into account the views of our crypto team and advice from places like NIST. Gerv
Mozilla does not usually pre-install intermediate or site certificates into its products. Thus, if the policy does indeed address intermediate or site certificates, the policy must then make clear what happens when such certificates fail to comply with the minimum key size. For example, will Mozilla products fail to establish a secure session with a non-compliant key. Or will the products merely refuse to import such certificates into their databases?
Assignee: gerv → nobody
Discussion of this sort of thing now happens in mozilla.dev.security.policy, and documents are prepared on the wiki. So this information has been moved to: https://wiki.mozilla.org/CA:Problematic_Practices which seems the right sort of place for it to be if it's going to be taken into account for future policy revisions. There's no good resolution to use; INVALID will have to do. Gerv
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.