<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 09/13/2014 02:12 AM, Tom Albertson
wrote:<br>
</div>
<blockquote
cite="mid:910567851f344ad88ac047476cb0c52f@DM2PR0301MB0653.namprd03.prod.outlook.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal">Hi there - sorry to drop off the face of
the earth there, I was oof and got busy this week. Great
feedback! I have attached to this email a revised ballot
incorporating some of your feedback, and am writing specific
responses on a few topics raised.</p>
</div>
</blockquote>
<br>
Thanks Tom!<br>
<br>
<blockquote
cite="mid:910567851f344ad88ac047476cb0c52f@DM2PR0301MB0653.namprd03.prod.outlook.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:red">If CAs
are actually hurting to meet this deadline I would love to
hear from them, if they need more time then we can allow it
on their audits etc – but I am not certain that 1 Jan 2015
is any better than 10 November 2014.
</span></p>
</div>
</blockquote>
<br>
Let's say that four months is double two months, probably
significant for implementation on short notice. On the other hand,
1st of January isn't really much worse than 1st of November in this
respect and it should be considered. <br>
<br>
November is also kind of random instead of the end of the year/new
year (at least psychologically it works for me better :-) ).<br>
<br>
<blockquote
cite="mid:910567851f344ad88ac047476cb0c52f@DM2PR0301MB0653.namprd03.prod.outlook.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal">@rick_andrews @brian - OCSP, 3 uses - 1.
The ResponderID construct (through KeyHash), to identify a
certificate by the hash of its public key. 2. The CertID
construct. 3. The signature of the OCSP response.</p>
<p class="MsoNormal"><span style="color:red">Tom: Correct -
Windows will enforce the SHA1 policy only on the 3)
signature of the OCSP response. The SHA1 policy does not
apply to any other uses of SHA1, such as the ResponderID
construct, key hash or CertID.
</span></p>
</div>
</blockquote>
<br>
This means that the response must be SHA2 but the signer can remain
SHA1? Considering the short lifetime of the response signature,
shouldn't this be the other way around?<br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>