Check for public keys with less than 1023 bits and die if weak key is found

author: Jacob Appelbaum <jacob@appelbaum.net> 2012-07-17 18:20:56 -0700
committer: Jacob Appelbaum <jacob@appelbaum.net> 2012-07-17 18:20:56 -0700
commit: c4d3f9f8c28b61249c5139981033d9cd87d74b3b (patch)
tree: e17ef45e15ab75ad73018d08cd118eebbc011074 /TODO
parent: 7a072e6c061113d19c77cbd61e742cd0e70c210b (diff)
download: tlsdate-c4d3f9f8c28b61249c5139981033d9cd87d74b3b.tar.gz
1 files changed, 0 insertions, 1 deletions
diff --git a/TODO b/TODO
index 6423855..ee82988 100644
--- a/TODO
+++ b/TODO
@@ -24,7 +24,6 @@ Here is a nice list of things to do to improve tlsdate:
 20)  Add verification of remote servers by DANE/CAA DNSSEC protected records
 21)  Integrate Chrome's CRL list into tlsdate
 22)  Block revoked or bad certs such as MD5 inc. and others.
-23)  Block weak keys (number of bits < 1024)
 24)  Add OCSP check option
 25)  Block weak signature algorithms
 26)  Hard code block list of known horrible certs (extract from Chrome/FF)
author	Jacob Appelbaum <jacob@appelbaum.net>	2012-07-17 18:20:56 -0700
committer	Jacob Appelbaum <jacob@appelbaum.net>	2012-07-17 18:20:56 -0700
commit	c4d3f9f8c28b61249c5139981033d9cd87d74b3b (patch)
tree	e17ef45e15ab75ad73018d08cd118eebbc011074 /TODO
parent	7a072e6c061113d19c77cbd61e742cd0e70c210b (diff)
download	tlsdate-c4d3f9f8c28b61249c5139981033d9cd87d74b3b.tar.gz