[cabfpub] SHA-2 Adoption
Janssen, M.A. (Mark) - Logius
mark.janssen at logius.nl
Wed Feb 13 09:42:56 UTC 2013
Hi Joseph,
The Dutch Governmental Root CA (Logius PKIoverheid) is issuing SHA256 certs since 01/01/2011. For example this site https://www.digid.nl/index.php?id=1&L=1 is being visited by approximately 9 million Dutch citizens every year. We didn’t encounter any problems on the end-user side.
Regarding subscribers there were some minor issues with legacy apps. I recognize the Cisco issue as stated by Frank in his email below. Nevertheless the issues weren’t blocking and subscribers were able to solve the problems within a short period of time.
For end-users we developed a test site (in Dutch): http://g2.logius.nl/ When the bar on the website shows a green color than the OS/Browser of the end-user is SHA2 ready. If it turns red than the end-user should upgrade/update their OS/Browser.
>What is the supportability percentage across browsers and systems requesting certificates?
Check: http://gs.statcounter.com/
Best Regards,
Mark Janssen
Senior Advisor PKIoverheid
........................................................................
Logius
The ministry of the Interior and Kingdom Relations (BZK)
Wilhelmina van Pruisenweg 52 | 2595 AN | The Hague
P.O. Box 96810 | 2509 JE | The Hague
........................................................................
T +31(0) 70 8887 967
F +31(0) 70 8887 882
mark.janssen at logius.nl<mailto:mark.janssen at logius.nl>
http://www.logius.nl/<https://webmail.ictu.nl/exchweb/bin/redir.asp?URL=http://www.logius.nl/>
........................................................................
Service e-government
........................................................................
Please consider the environment - do you really need to print this mail?
Van: management-bounces at cabforum.org [mailto:management-bounces at cabforum.org] Namens Steinfeldt, Frank
Verzonden: dinsdag 12 februari 2013 16:03
Aan: Joseph.R.Kaluzny at wellsfargo.com; management at cabforum.org
Onderwerp: Re: [cabfman] SHA-2 Adoption
Hi Joseph,
D-Trust does also. We’re issuing from a complete Sha2-Chain since one year. We had one customer in that time, that had to update a Cisco-device because of Sha2 algorythm as far as I do remember. All market relevant browsers /OS (with all versions that support the automatic root update mechanism) support our Sha256 chain.
Cheers,
Frank
Von: management-bounces at cabforum.org<mailto:management-bounces at cabforum.org> [mailto:management-bounces at cabforum.org] Im Auftrag von Joseph.R.Kaluzny at wellsfargo.com<mailto:Joseph.R.Kaluzny at wellsfargo.com>
Gesendet: Dienstag, 12. Februar 2013 15:01
An: management at cabforum.org<mailto:management at cabforum.org>
Betreff: [cabfman] SHA-2 Adoption
In planning for SHA-2 we’d like to get some idea on the adoption rates in the industry for its use. I was hoping to learn what other members of the CAB/F have found from their own CA’s regarding issuance of SHA-2 to their customers and if there is strong movement toward it? What is the supportability percentage across browsers and systems requesting certificates?
It seems like there is a diminishing interest in following NIST standards and with that, I was also wondering where others in the industry are in supporting NIST standards regarding the migration to SHA-2? Do the other CA’s in the forum offer SHA-2 from a chain that is completely SHA-2 from the root down to the issuing CA?
Any information on this from the other members would be appreciated and help us plan our own roadmap as well as give everyone an idea of where we are as a whole.
________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130213/bc0289d6/attachment-0002.html>
More information about the Public
mailing list