CA:MD5and1024

2 bytes added, 17:22, 6 October 2010
Dates for Phasing out MD5-based signatures and 1024-bit moduli
* '''June 30, 2011''' – Mozilla will stop accepting MD5 as a hash algorithm for intermediate and end-entity certificates. After this date software published by Mozilla will return an error when a certificate with an MD5-based signature is used.
** This change is being tracked in [https://bugzilla.mozilla.org/show_bug.cgi?id=590364 Bugzilla #590364].
 
* '''December 31, 2010''' – CAs should stop issuing intermediate and end-entity certificates from roots with RSA key sizes smaller than 2048 bits. All CAs should stop issuing intermediate and end-entity certificates with RSA key size smaller than 2048 bits under any root.
** [http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-131 DRAFT Recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes:] Key lengths providing 80 bits of security using approved digital signature algorithms are allowed for '''legacy''' use after 2010.
*** All certificates with RSA key size smaller than 2048 bits must expire by the end of 2013.
** CAs that continue to issue certificates with RSA key sizes smaller than 2048 bits must use randomness in the serial number or in one of the fields in the DN.
 
* '''December 31, 2013''' – Mozilla will disable or remove all root certificates with RSA key sizes smaller than 2048 bits.
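The schedule above can be checked mechanically against a certificate inventory. The following Go sketch is an added example, not Mozilla's code: the names `Audit`, `Sample`, `day` and `check` are hypothetical, the cut-offs are taken as end of day UTC, a self-issued certificate is assumed to be a root, and the sample certificate is constructed at run time.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func day(y int, m time.Month, d int) time.Time { return time.Date(y, m, d, 23, 59, 59, 0, time.UTC) }

// Audit lists the schedule items a certificate conflicts with (UTC cut-offs are an assumption).
func Audit(c *x509.Certificate) (out []string) {
	add := func(hit bool, msg string) {
		if hit {
			out = append(out, msg)
		}
	}
	root := bytes.Equal(c.RawSubject, c.RawIssuer) // assumption: self-issued means root
	k, isRSA := c.PublicKey.(*rsa.PublicKey)
	weak := isRSA && k.N.BitLen() < 2048
	add(!root && c.SignatureAlgorithm == x509.MD5WithRSA && c.NotAfter.After(day(2011, 6, 30)), "MD5 signature, still valid after 2011-06-30")
	add(root && weak, "root under 2048 bits, disabled or removed 2013-12-31")
	add(!root && weak && c.NotBefore.After(day(2010, 12, 31)), "under 2048 bits, issued after 2010-12-31")
	add(!root && weak && c.NotAfter.After(day(2013, 12, 31)), "under 2048 bits, valid past end of 2013")
	return out
}
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// Sample builds a constructed, throwaway non-root certificate for Audit to inspect.
func Sample(bits int, from, to time.Time) *x509.Certificate {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	check(err)
	leaf := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "leaf.example"}, NotBefore: from, NotAfter: to}
	der, err := x509.CreateCertificate(rand.Reader, leaf, &x509.Certificate{Subject: pkix.Name{CommonName: "Constructed Issuer"}}, &key.PublicKey, key)
	check(err)
	c, err := x509.ParseCertificate(der)
	check(err)
	return c
}
func main() {
	fmt.Println(Audit(Sample(1024, day(2011, 3, 1), day(2014, 3, 1))))
}
```

A 1024-bit certificate issued before the end of 2010 and expiring during 2013 produces no findings, which matches the legacy allowance in the schedule.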