|
|
| Line 269: |
Line 269: |
| <th>Level of Effort</th><th>Status</th> | | <th>Level of Effort</th><th>Status</th> |
| <th>Notes</th> | | <th>Notes</th> |
| </tr>
| |
|
| |
| <tr>
| |
| <td>P2* NSS PSM</td>
| |
| <td>Disallow weak RSA keys</td>
| |
| <td>{{bug|360126}}, {{bug|134735}}, {{bug|623265}}, {{bug|622859}}</td>
| |
| <td>libpkix, {{bug|790809}}</td>
| |
| <td>TBD</td>
| |
| <td></td>
| |
| <td>
| |
| * [http://news.netcraft.com/archives/2012/09/10/minimum-rsa-public-key-lengths-guidelines-or-rules.html press about this] -- "The latest versions of Safari ..., Opera, Google Chrome, and Internet Explorer ... Notably, Mozilla Firefox does not yet reject such certificates."
| |
| *512bit certs have been maliciously used.
| |
| *Chrome and Apple have disallowed certs < 1024 bits.
| |
| * [http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx Microsoft software update to be released in October 2012] will block the use of cryptographic keys that are less than 1024 bits.
| |
| *[https://wiki.mozilla.org/CA:Communications#Responses CAs have confirmed] that they are no longer issuing certs less than 1023 bits.
| |
| *{{bug|360126#c16}}: NSS has SSL_GetChannelInfo function to enable apps to get and display information about cert key strengths. Also see {{bug|587234}}</td>
| |
| </tr> | | </tr> |
|
| |
|