<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Bonjour,<br>
<br>
I agree with the general idea, which is to get rid of SHA1 for
signature purpose. However, let's play devil's advocate.<br>
<br>
Le 06/09/2014 00:47, Tom Albertson a écrit :<br>
</div>
<blockquote
cite="mid:426dae98234d4e5f9233f5f588fb92f4@DM2PR0301MB0653.namprd03.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Cambria-BoldItalic;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Cambria-Bold;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:TimesNewRomanPSMT;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">[...]</div>
</blockquote>
<blockquote
cite="mid:426dae98234d4e5f9233f5f588fb92f4@DM2PR0301MB0653.namprd03.prod.outlook.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><b><u><span style="font-family:"Times
New Roman","serif";color:red">9.4.2 Root
CA Certificates<o:p></o:p></span></u></b></p>
<p class="MsoNormal"><u><span style="font-family:"Times New
Roman","serif";color:red"><o:p><span
style="text-decoration:none"> </span></o:p></span></u></p>
<p class="MsoNormal"><u><span style="color:red">The SHA-1
deprecation policy and Validity Dates DO NOT apply to Root
CA certificates. CAs MAY continue to use their existing
SHA-1 Root Certificates.
</span></u><u><span style="color:red" lang="EN">CAs MUST use
SHA-2 or successor hash algorithms to sign any Subscriber
certificates, Subordinate CA certificates, and CRLs
effective 1 January 2016.</span><span style="color:red"><o:p></o:p></span></u></p>
<p class="MsoNormal"><u><span style="font-family:"Times New
Roman","serif";color:red"><o:p><span
style="text-decoration:none"> </span></o:p></span></u></p>
<p class="MsoNormal"><u><span style="font-family:"Times New
Roman","serif";color:red"><o:p><span
style="text-decoration:none"> </span></o:p></span></u></p>
<p class="MsoNormal"><b><u><span style="font-family:"Times
New Roman","serif";color:red">9.4.3
Subordinate CA Certificates<o:p></o:p></span></u></b></p>
<p class="MsoNormal"><u><span style="font-family:"Times New
Roman","serif";color:red"><o:p><span
style="text-decoration:none"> </span></o:p></span></u></p>
<p class="MsoNormal"><u><span style="font-family:"Times New
Roman","serif";color:red">Effective 1
January 2016, CAs MUST NOT issue Subordinate CA
Certificates that utilize the SHA-1 algorithm.</span></u></p>
</div>
</blockquote>
<br>
Even for non-{SSL, CS} purpose?<br>
<br>
<blockquote
cite="mid:426dae98234d4e5f9233f5f588fb92f4@DM2PR0301MB0653.namprd03.prod.outlook.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><u><span style="font-family:"Times New
Roman","serif";color:red"> CAs MUST NOT
issue SHA-2 Subscriber certificates under SHA-1
Subordinate CA Certificates.</span></u><span
style="font-family:"Times New
Roman","serif";color:red">
<o:p></o:p></span></p>
<span style="font-family:"Times New
Roman","serif""><o:p> </o:p></span></div>
</blockquote>
<br>
Why? Issuing SHA2-signed subscriber certificates under a CA has no
impact on the resistance of the CA's own certificate, whether this
one is SHA1-signed or anything else.<br>
<br>
<br>
The problem with SHA1 is its low collision resistance. It's a
problem with signed objects if the applicant can be hostile
(certificate request, signed document, timestamp, ...). A
subordinate CA, if owned and operated by the same entity as the
issuing CA, isn't hostile.<br>
<br>
Cordialement.<br>
<br>
<pre class="moz-signature" cols="72">--
Erwann ABALEA
</pre>
<br>
</body>
</html>