diff options
author | Jacob Appelbaum <jacob@appelbaum.net> | 2012-07-17 18:20:56 -0700 |
---|---|---|
committer | Jacob Appelbaum <jacob@appelbaum.net> | 2012-07-17 18:20:56 -0700 |
commit | c4d3f9f8c28b61249c5139981033d9cd87d74b3b (patch) | |
tree | e17ef45e15ab75ad73018d08cd118eebbc011074 /TODO | |
parent | 7a072e6c061113d19c77cbd61e742cd0e70c210b (diff) | |
download | tlsdate-c4d3f9f8c28b61249c5139981033d9cd87d74b3b.tar.gz |
Check for public keys with less than 1023 bits and die if weak key is found
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 1 |
1 files changed, 0 insertions, 1 deletions
@@ -24,7 +24,6 @@ Here is a nice list of things to do to improve tlsdate: 20) Add verification of remote servers by DANE/CAA DNSSEC protected records 21) Integrate Chrome's CRL list into tlsdate 22) Block revoked or bad certs such as MD5 inc. and others. -23) Block weak keys (number of bits < 1024) 24) Add OCSP check option 25) Block weak signature algorithms 26) Hard code block list of known horrible certs (extract from Chrome/FF) |