Nope.

ALL 1024 bit certs of every description are covered including end-entity.


On Thu, Mar 27, 2014 at 3:35 PM, Paul Wouters <p...@nohats.ca> wrote:

> On Thu, 27 Mar 2014, Nicholas Weaver wrote:
>
>> Because the browsers have already decided killing of 1024b CAs is a good
>> idea, and they could revoke just those CAs once someone breaks a 1024b
>> example, since the browser vendors have good experience in revoking bad CAs
>> already (cue DigiNotar...)
>>
>
> 10-20 year validity.
>
>> In contrast, DNSSEC
>>
>
> 1 month validity.
>
> Paul
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>



-- 
Website: http://hallambaker.com/