<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Bonjour,<br>
      <br>
      I agree with the general idea, which is to get rid of SHA1 for
      signature purpose. However, let's play devil's advocate.<br>
      <br>
      Le 06/09/2014 00:47, Tom Albertson a écrit :<br>
    </div>
    <blockquote
cite="mid:426dae98234d4e5f9233f5f588fb92f4@DM2PR0301MB0653.namprd03.prod.outlook.com"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=ISO-8859-1">
      <meta name="Generator" content="Microsoft Word 15 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Cambria-BoldItalic;
        panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Cambria-Bold;
        panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:TimesNewRomanPSMT;
        panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">[...]</div>
    </blockquote>
    <blockquote
cite="mid:426dae98234d4e5f9233f5f588fb92f4@DM2PR0301MB0653.namprd03.prod.outlook.com"
      type="cite">
      <div class="WordSection1">
        <p class="MsoNormal"><b><u><span style="font-family:"Times
                New Roman","serif";color:red">9.4.2 Root
                CA Certificates<o:p></o:p></span></u></b></p>
        <p class="MsoNormal"><u><span style="font-family:"Times New
              Roman","serif";color:red"><o:p><span
                  style="text-decoration:none"> </span></o:p></span></u></p>
        <p class="MsoNormal"><u><span style="color:red">The SHA-1
              deprecation policy and Validity Dates DO NOT apply to Root
              CA certificates.  CAs MAY continue to use their existing
              SHA-1 Root Certificates. 
            </span></u><u><span style="color:red" lang="EN">CAs MUST use
              SHA-2 or successor hash algorithms to sign any Subscriber
              certificates, Subordinate CA certificates, and CRLs
              effective 1 January 2016.</span><span style="color:red"><o:p></o:p></span></u></p>
        <p class="MsoNormal"><u><span style="font-family:"Times New
              Roman","serif";color:red"><o:p><span
                  style="text-decoration:none"> </span></o:p></span></u></p>
        <p class="MsoNormal"><u><span style="font-family:"Times New
              Roman","serif";color:red"><o:p><span
                  style="text-decoration:none"> </span></o:p></span></u></p>
        <p class="MsoNormal"><b><u><span style="font-family:"Times
                New Roman","serif";color:red">9.4.3
                Subordinate CA Certificates<o:p></o:p></span></u></b></p>
        <p class="MsoNormal"><u><span style="font-family:"Times New
              Roman","serif";color:red"><o:p><span
                  style="text-decoration:none"> </span></o:p></span></u></p>
        <p class="MsoNormal"><u><span style="font-family:"Times New
              Roman","serif";color:red">Effective 1
              January 2016, CAs MUST NOT issue Subordinate CA
              Certificates that utilize the SHA-1 algorithm.</span></u></p>
      </div>
    </blockquote>
    <br>
    Even for non-{SSL, CS} purpose?<br>
    <br>
    <blockquote
cite="mid:426dae98234d4e5f9233f5f588fb92f4@DM2PR0301MB0653.namprd03.prod.outlook.com"
      type="cite">
      <div class="WordSection1">
        <p class="MsoNormal"><u><span style="font-family:"Times New
              Roman","serif";color:red">  CAs MUST NOT
              issue SHA-2 Subscriber certificates under SHA-1
              Subordinate CA Certificates.</span></u><span
            style="font-family:"Times New
            Roman","serif";color:red"> 
            <o:p></o:p></span></p>
        <span style="font-family:"Times New
          Roman","serif""><o:p> </o:p></span></div>
    </blockquote>
    <br>
    Why? Issuing SHA2-signed subscriber certificates under a CA has no
    impact on the resistance of the CA's own certificate, whether this
    one is SHA1-signed or anything else.<br>
    <br>
    <br>
    The problem with SHA1 is its low collision resistance. It's a
    problem with signed objects if the applicant can be hostile
    (certificate request, signed document, timestamp, ...). A
    subordinate CA, if owned and operated by the same entity as the
    issuing CA, isn't hostile.<br>
    <br>
    Cordialement.<br>
    <br>
    <pre class="moz-signature" cols="72">-- 
Erwann ABALEA
</pre>
    <br>
  </body>
</html>