[cabfpub] SHA-2 Adoption

Ryan Hurst ryan.hurst at globalsign.com
Wed Feb 13 15:22:14 UTC 2013 

Here is a post I did last year on this topic:
http://unmitigatedrisk.com/?p=189

My assessment is if we exclude appliances about 6% of the Internet can't do SHA2.

Ryan Hurst
Chief Technology Officer
GMO Globalsign

twitter: @rmhrisk
email: ryan.hurst at globalsign.com
phone: 206-650-7926

Sent from my phone, please forgive the brevity.

On Feb 13, 2013, at 1:42 AM, "Janssen, M.A. (Mark) - Logius" <mark.janssen at logius.nl> wrote:

> Hi Joseph,
>  
> The Dutch Governmental Root CA (Logius PKIoverheid) is issuing SHA256 certs since 01/01/2011. For example this site https://www.digid.nl/index.php?id=1&L=1 is being visited by approximately 9 million Dutch citizens every year. We didn’t encounter any problems on the end-user side.
>  
> Regarding subscribers there were some minor issues with legacy apps. I recognize the Cisco issue as stated by Frank in his email below. Nevertheless the issues weren’t blocking and subscribers were able to solve the problems within a short period of time.
>  
> For end-users we developed a test site (in Dutch): http://g2.logius.nl/ When the bar on the website shows a green color than the OS/Browser of the end-user is SHA2 ready. If it turns red than the end-user should upgrade/update their OS/Browser.
>  
> >What is the supportability percentage across browsers and systems requesting certificates?
> Check: http://gs.statcounter.com/
>  
>  
> Best Regards,
> 
> Mark Janssen
> Senior Advisor PKIoverheid
> ........................................................................
> Logius
> The ministry of the Interior and Kingdom Relations (BZK)
> Wilhelmina van Pruisenweg 52 | 2595 AN | The Hague
> P.O. Box 96810 | 2509 JE | The Hague
> ........................................................................
> T +31(0) 70 8887 967
> F +31(0) 70 8887 882
> mark.janssen at logius.nl
> http://www.logius.nl/
> ........................................................................
> Service e-government
> ........................................................................
> Please consider the environment - do you really need to print this mail?
>  
> Van: management-bounces at cabforum.org [mailto:management-bounces at cabforum.org] Namens Steinfeldt, Frank
> Verzonden: dinsdag 12 februari 2013 16:03
> Aan: Joseph.R.Kaluzny at wellsfargo.com; management at cabforum.org
> Onderwerp: Re: [cabfman] SHA-2 Adoption
>  
> Hi Joseph,
>  
> D-Trust does also. We’re issuing from a complete Sha2-Chain since one year. We had one customer in that time, that had to update a Cisco-device because of Sha2 algorythm as far as I do remember. All market relevant browsers /OS (with all versions that support the automatic root update mechanism) support our Sha256 chain.
>  
> Cheers,
>  
> Frank
>  
> Von: management-bounces at cabforum.org [mailto:management-bounces at cabforum.org] Im Auftrag von Joseph.R.Kaluzny at wellsfargo.com
> Gesendet: Dienstag, 12. Februar 2013 15:01
> An: management at cabforum.org
> Betreff: [cabfman] SHA-2 Adoption
>  
> In planning for SHA-2 we’d like to get some idea on the adoption rates in the industry for its use. I was hoping to learn what other members of the CAB/F have found from their own CA’s regarding issuance of SHA-2 to their customers and if there is strong movement toward it? What is the supportability percentage across browsers and systems requesting certificates?
>  
> It seems like there is a diminishing interest in following NIST standards and with that, I was also wondering where others in the industry are in supporting NIST standards regarding the migration to SHA-2? Do the other CA’s in the forum offer SHA-2 from a chain that is completely SHA-2 from the root down to the issuing CA?
>  
> Any information on this from the other members would be appreciated and help us plan our own roadmap as well as give everyone an idea of where we are as a whole.
> 
> 
> Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.
> This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. .
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130213/9e0c18ba/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2098 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130213/9e0c18ba/attachment-0001.p7s>

More information about the Public mailing list