[cabfpub] SHA-2 Adoption

i-barreira at izenpe.net i-barreira at izenpe.net
Wed Feb 13 09:49:49 UTC 2013 

In fact Cisco has several issues with some of their products to adopt 4K size in issuing CAs and the SHA256 and we had to “create” an specific CA to the basque government because of this, and the answer of Cisco was that they will have a solution for 2016 (this issue came up in 2009)

 

 

Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.net

945067705

 

 

ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.

 

De: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] En nombre de Janssen, M.A. (Mark) - Logius
Enviado el: miércoles, 13 de febrero de 2013 10:43
Para: Joseph.R.Kaluzny at wellsfargo.com
CC: public at cabforum.org
Asunto: Re: [cabfpub] SHA-2 Adoption

 

Hi Joseph,

 

The Dutch Governmental Root CA (Logius PKIoverheid) is issuing SHA256 certs since 01/01/2011. For example this site https://www.digid.nl/index.php?id=1&L=1 is being visited by approximately 9 million Dutch citizens every year. We didn’t encounter any problems on the end-user side. 

 

Regarding subscribers there were some minor issues with legacy apps. I recognize the Cisco issue as stated by Frank in his email below. Nevertheless the issues weren’t blocking and subscribers were able to solve the problems within a short period of time. 

 

For end-users we developed a test site (in Dutch): http://g2.logius.nl/ When the bar on the website shows a green color than the OS/Browser of the end-user is SHA2 ready. If it turns red than the end-user should upgrade/update their OS/Browser.

 

>What is the supportability percentage across browsers and systems requesting certificates?

Check: http://gs.statcounter.com/ 

 

 

Best Regards,

Mark Janssen
Senior Advisor PKIoverheid
........................................................................
Logius
The ministry of the Interior and Kingdom Relations (BZK)
Wilhelmina van Pruisenweg 52 | 2595 AN | The Hague
P.O. Box 96810 | 2509 JE | The Hague
........................................................................
T +31(0) 70 8887 967
F +31(0) 70 8887 882
mark.janssen at logius.nl <mailto:mark.janssen at logius.nl> 
http://www.logius.nl/ <https://webmail.ictu.nl/exchweb/bin/redir.asp?URL=http://www.logius.nl/> 
........................................................................
Service e-government
........................................................................

Please consider the environment - do you really need to print this mail?

 

Van: management-bounces at cabforum.org [mailto:management-bounces at cabforum.org] Namens Steinfeldt, Frank
Verzonden: dinsdag 12 februari 2013 16:03
Aan: Joseph.R.Kaluzny at wellsfargo.com; management at cabforum.org
Onderwerp: Re: [cabfman] SHA-2 Adoption

 

Hi Joseph,

 

D-Trust does also. We’re issuing from a complete Sha2-Chain since one year. We had one customer in that time, that had to update a Cisco-device because of Sha2 algorythm as far as I do remember. All market relevant browsers /OS (with all versions that support the automatic root update mechanism) support our Sha256 chain. 

 

Cheers,

 

Frank

 

Von: management-bounces at cabforum.org [mailto:management-bounces at cabforum.org] Im Auftrag von Joseph.R.Kaluzny at wellsfargo.com
Gesendet: Dienstag, 12. Februar 2013 15:01
An: management at cabforum.org
Betreff: [cabfman] SHA-2 Adoption

 

In planning for SHA-2 we’d like to get some idea on the adoption rates in the industry for its use. I was hoping to learn what other members of the CAB/F have found from their own CA’s regarding issuance of SHA-2 to their customers and if there is strong movement toward it? What is the supportability percentage across browsers and systems requesting certificates?

 

It seems like there is a diminishing interest in following NIST standards and with that, I was also wondering where others in the industry are in supporting NIST standards regarding the migration to SHA-2? Do the other CA’s in the forum offer SHA-2 from a chain that is completely SHA-2 from the root down to the issuing CA?

 

Any information on this from the other members would be appreciated and help us plan our own roadmap as well as give everyone an idea of where we are as a whole.

 

________________________________


Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. .

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130213/7cbb2b91/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 19121 bytes
Desc: image001.png
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130213/7cbb2b91/attachment-0003.png>

More information about the Public mailing list