[cabfpub] Question raised during CABF call today
Paul Tiemann
paul.tiemann.usenet at gmail.com
Fri Nov 22 08:32:31 MST 2013
On Nov 22, 2013, at 4:48 AM, Rob Stradling <rob.stradling at comodo.com> wrote:
> On 21/11/13 19:10, Geoff Keating wrote:
> <snip>
>> For OCSP, I don't believe we have any plans to change the algorithm used
>> to hash the issuer name and public key in the OCSP request. I'd be
>> interested in opinions as to whether this is necessary or desirable.
>
> Please keep using SHA-1 for the issuerNameHash and issuerKeyHash. Forever!
+1
Using anything else for issuerNameHas and issuerKeyHash would likely
break most OCSP implementations (on both client and server side) and it wouldn't
deliver any security gain.
Paul Tiemann
(DigiCert)
More information about the Public
mailing list