[cabfpub] Question raised during CABF call today

Ryan Hurst ryan.hurst at globalsign.com
Thu Dec 5 21:13:25 UTC 2013


And I agree with all of Rob's other points on SHA2 and ECC compatibility
with OCSP.


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Erwann Abalea
Sent: Friday, November 22, 2013 10:28 AM
To: public at cabforum.org
Subject: Re: [cabfpub] Question raised during CABF call today

There's no security problem with it, it's only used to produce a constant
size identifier.


Le 22/11/2013 12:48, Rob Stradling a écrit :
> On 21/11/13 19:10, Geoff Keating wrote:
> <snip>
>> For OCSP, I don't believe we have any plans to change the algorithm
>> used to hash the issuer name and public key in the OCSP request.  I'd
>> be interested in opinions as to whether this is necessary or desirable.
> Please keep using SHA-1 for the issuerNameHash and issuerKeyHash.

Public mailing list
Public at cabforum.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4252 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131205/f18e311e/attachment.p7s>

More information about the Public mailing list