<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Since this is driven by evolution of
Microsoft Root CP tech requirements, let's start from it. [*]<br>
<br>
Here's my understanding.<br>
<br>
If the certificate is a TLS one, it won't be valid after
01.01.2017.<br>
<br>
If the certificate is a Code Signing one, and the code it signs
has been timestamped before 01.01.2016, such code will be accepted
until MS decides that SHA1 is vulnerable enough to a second
preimage attack. (I added the "second" because that's the real
attack, obviously, if you can do a preimage, a second preimage is
easy)<br>
If the certificate is a Code Signing one, and the code it signs is
not timestamped or is timestamped after 01.01.2016, this code
won't be considered valid after 01.01.2016.<br>
<br>
<br>
[*]
<a class="moz-txt-link-freetext" href="http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0.aspx">http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0.aspx</a><br>
<br>
<pre class="moz-signature" cols="72">--
Erwann ABALEA
</pre>
On 19/02/2014 21:06, <a class="moz-txt-link-abbreviated" href="mailto:i-barreira@izenpe.net">i-barreira@izenpe.net</a> wrote:<br>
</div>
<blockquote
cite="mid:763539E260C37C46A0D6B340B5434C3B08D0730B@AEX06.ejsarea.net"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Would
that mean that someone can issue a 3-year SHA1 certificate
on 31.12.2015 and it would be valid until 31.12.2018?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:9.75pt"><b><span
style="font-size:8.5pt;font-family:"Tahoma","sans-serif";color:black"
lang="ES-TRAD">Iñigo Barreira</span></b><span
style="font-size:8.5pt;font-family:"Tahoma","sans-serif";color:black"
lang="ES-TRAD"><br>
Head of the Technical Area<br>
<a moz-do-not-send="true"
href="mailto:i-barreira@izenpe.net">i-barreira@izenpe.net</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.5pt;font-family:"Tahoma","sans-serif";color:black"
lang="ES-TRAD">945067705</span><span style="color:#1F497D"
lang="ES-TRAD"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="ES-TRAD"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a class="moz-txt-link-abbreviated" href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a>
[<a class="moz-txt-link-freetext" href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On behalf of </b>Ben
Wilson<br>
<b>Sent:</b> Wednesday, 19 February 2014
21:02<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>Subject:</b> [cabfpub] SHA1 Deprecation Ballot<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">I’m not sure whether
I’ve captured it all, but here is a rough draft of a
possible ballot for the Baseline Requirements. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Effective immediately
CAs SHOULD begin migrating away from using the SHA-1 hashing
algorithm to sign SSL/TLS and code signing certificates. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Beginning January 1,
2016, CAs SHALL NOT use the SHA-1 hashing algorithm to sign
SSL/TLS or code signing certificates.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Please provide your
comments, edits, etc.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Ben<o:p></o:p></span></p>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>