A bottle in the sea :
A small question, what about the CA policy ? Do you plan to support CA keys with 2048 bits prime ? There was an email certificates(atat)mozilla.org for the certificate policy but it's anymore not valid. What the best to contact way regarding the CA policy of NSS ? Thanks for any feedback.
You might try to post to the mozilla.dev.tech.crypto newsgroup. -Bob Lord