<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <br>
    <div class="moz-cite-prefix">On 09/08/2014 03:24 PM, Erwann Abalea
      wrote:<br>
    </div>
    <blockquote cite="mid:540D9FF1.4020206@opentrust.com" type="cite">
      <meta content="text/html; charset=ISO-8859-1"
        http-equiv="Content-Type">
      The problem with SHA1 is its low collision resistance. It's a
      problem with signed objects if the applicant can be hostile
      (certificate request, signed document, timestamp, ...). A
      subordinate CA, if owned and operated by the same entity as the
      issuing CA, isn't hostile.<br>
    </blockquote>
    <br>
    Exactly! I think this would go too far especially for transitioning
    subscribers. At a future point that requirement could be set with a
    date further out.<br>
    <br>
    <div class="moz-signature">-- <br>
      <table border="0" cellpadding="0" cellspacing="0">
        <tbody>
          <tr>
            <td colspan="2">Regards </td>
          </tr>
          <tr>
            <td colspan="2"> </td>
          </tr>
          <tr>
            <td>Signer: </td>
            <td>Eddy Nigg, COO/CTO</td>
          </tr>
          <tr>
            <td> </td>
            <td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
          </tr>
          <tr>
            <td>XMPP: </td>
            <td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
          </tr>
          <tr>
            <td>Blog: </td>
            <td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
          </tr>
          <tr>
            <td>Twitter: </td>
            <td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
          </tr>
          <tr>
            <td colspan="2"> </td>
          </tr>
        </tbody>
      </table>
    </div>
  </body>
</html>