* '''December 31, 2013''' – Mozilla will disable or remove all root certificates with RSA key sizes smaller than 2048 bits.
'''Caveats to proposed dates: '''
# Mozilla will take these actions earlier and at its sole discretion if necessary to keep our users safe.
# CAs may request that their legacy roots be disabled or removed from NSS earlier, according to the [[CA:Root_Change_Process | Root Change Process]]