[Cscwg-public] Ballot CSC-4 v1: Move compliance deadlines away from January 1st.

Ian McMillan ianmcm at microsoft.com
Wed Sep 23 12:35:43 MST 2020 

We really cannot endorse moving the SHA-1 digest algorithm dates for certs. Moving the SHA-1 digest algorithm for certs has broader implication to the SHA-1 deprecation public dates for Windows, which is set for May 9, 2021, and we have to have all certs off of SHA-1 well before that May date.

Thanks,
Ian

From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Tim Hollebeek via Cscwg-public
Sent: Wednesday, September 23, 2020 11:19 AM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; cscwg-public at cabforum.org
Subject: [EXTERNAL] Re: [Cscwg-public] Ballot CSC-4 v1: Move compliance deadlines away from January 1st.

One comment I have received is whether it is better to move the “legacy SHA-1 message digest” deadline away from January 1st, 2021 as well.  The draft below moves the RSA deadline and the timestamp token deadline, but not the legacy SHA-1 message digest deadline.  Is that what people want?  Or should the SHA-1 message digest deadline move to June 1st, 2021 as well.

-Tim

From: Cscwg-public <cscwg-public-bounces at cabforum.org<mailto:cscwg-public-bounces at cabforum.org>> On Behalf Of Tim Hollebeek via Cscwg-public
Sent: Tuesday, September 22, 2020 12:49 PM
To: cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>
Subject: [Cscwg-public] Ballot CSC-4 v1: Move compliance deadlines away from January 1st.


Ballot CSC-4 v1: Move deadline for transition to RSA-3072 and SHA-2 timestamp tokens

Purpose of the Ballot:

The current deadline for moving from RSA-2048 to RSA-3072 and from SHA-1 to SHA-2 for timestamp tokens falls on January 1, 2021, which is inconvenient due to code freezes due to the winter holidays.  This ballot delays the deadline to June 1, 2021 for RSA-3072 and April 30, 2022 for SHA-2 timestamp tokens.

The following motion has been proposed by Tim Hollebeek of DigiCert, and endorsed by Ian McMillan of Microsoft and Hugh Mercer of GlobalSign.

--- MOTION BEGINS ---

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates" version 2.0 according to the attached redline.

--- MOTION ENDS ---

The procedure for approval of this ballot is as follows:

Discussion (7+ days)

Start Time: 2020-09-22, 12:45pm Eastern Time (US)

End Time: not before 2020-09-29, 12:45pm Eastern Time (US)

Vote for approval (7 days)

Start Time: TBD

End Time: TBD


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200923/148d75b5/attachment.html>

More information about the Cscwg-public mailing list