<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body>
<div dir="ltr" data-ogsc="" style="">
<div dir="ltr">
<div>
<meta content="text/html; charset=us-ascii" data-ogsc="" style="">
<meta name="ProgId" content="Word.Document" data-ogsc="" style="">
<meta name="Generator" content="Microsoft Word 15" data-ogsc="" style="">
<meta name="Originator" content="Microsoft Word 15" data-ogsc="" style="">
<style data-ogsc="" style="">
<!--
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif}
a:link, span.MsoHyperlink
{color:#0563C1;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:#954F72;
text-decoration:underline}
span.EmailStyle17
{font-family:"Calibri",sans-serif;
color:windowtext}
.MsoChpDefault
{font-family:"Calibri",sans-serif}
@page WordSection1
{margin:1.0in 1.0in 1.0in 1.0in}
div.WordSection1
{}
-->
</style></div>
<div class="WordSection1" data-ogsc="" style="">
<p class="MsoNormal">Hi Folks,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">We are recognizing that in the current Code Signing BRs (v2.0) is in need of updating to account for support on Authenticode Timestamp countersignatures with SHA-1 digest for legacy implementations.
</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Currently, the Code Signing BR’s v2.0 in Appendix A [3] Timestamp Tokens calls for SHA-1 to no longer be allow post January 1, 2021. We recognize this is in conflict with what Authenticode timestamps will require for existing timestamping
certificates issued prior to January 1, 2021 that expire past the January 1, 2021 deadline.
</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I would like to update the Appendix A (3) Timestamp Token to be:</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><b><span style=""> </span>(3) Timestamp Tokens</b></p>
<p class="MsoNormal" style="margin-left:.5in"> </p>
<p class="MsoNormal" style="margin-left:.5in">The digest algorithms used to sign Timestamp tokens must match the digest algorithm used to sign the Timestamp Certificate.</p>
<p class="MsoNormal" style="margin-left:.5in"> </p>
<table class="MsoTableGrid" border="1" cellspacing="0" cellpadding="0" style="margin-left:.5in; border-collapse:collapse; border:none">
<tbody>
<tr style="">
<td width="156" valign="top" style="width:116.85pt; border:solid windowtext 1.0pt; padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal"> </p>
</td>
<td width="294" valign="top" style="width:220.25pt; border:solid windowtext 1.0pt; border-left:none; padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal">Generated prior to January 1, 2021</p>
</td>
<td width="300" valign="top" style="width:225.0pt; border:solid windowtext 1.0pt; border-left:none; padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal">Generated on or after January 1, 2021</p>
</td>
</tr>
<tr style="">
<td width="156" valign="top" style="width:116.85pt; border:solid windowtext 1.0pt; border-top:none; padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal">Digest algorithm</p>
</td>
<td width="294" valign="top" style="width:220.25pt; border-top:none; border-left:none; border-bottom:solid windowtext 1.0pt; border-right:solid windowtext 1.0pt; padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal">SHA-256, SHA-384 or SHA-512 (SHA-1 for legacy implementations only)*</p>
</td>
<td width="300" valign="top" style="width:225.0pt; border-top:none; border-left:none; border-bottom:solid windowtext 1.0pt; border-right:solid windowtext 1.0pt; padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal">SHA-256, SHA-384 or SHA-512 (SHA-1 for legacy implementations only until April 30, 2022)</p>
<p class="MsoNormal"> </p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal" style="margin-left:.5in"><span style="color: black;">*CAs can issue SHA-1 certificates to legacy platforms that do not support SHA-2 only for code signing and timestamping certificates.</span></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> Cheers, </p>
<p class="MsoNormal">Ian </p>
<p class="MsoNormal"> </p>
</div>
<!--{"start":[1,6,0,2],"end":[1,6,0,2]}--></div>
<!--{"start":[1],"end":[1]}--></div>
</body>
</html>