
Bug 986019 – Turn off SSL and Code Signing trust bits for Equifax 1024-bit roots - yuhong
https://bugzilla.mozilla.org/show_bug.cgi?id=986019
======
PhantomGremlin
This is a lot like the drunk who lost his car keys and was looking for them
underneath the street lamp, because that's where the light was. I.e. not very
useful activity.

I'm using Firefox 35, and the very first certificate it trusts is from
TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı. Huh? So there are still
hundreds of random trusted certificate issuers controlled by dozens of random
authoritarian governments?

I'm supposed to be concerned about theoretical 1024 bit key strength, while we
_know_ _for_ _sure_ that various certificate authorities have been compromised
in the past?

Bah. They should fix the real problems first.

------
yuhong
The only 1024-bit root that will remain after Firefox 36. RapidSSL were also
late with the SHA2 intermediate too BTW. Also the infamous 2008 MD5 collision
also used RapidSSL.

