[cabfpub] Fwd: Re: SHA-256 support
wtc at google.com
Wed Nov 27 23:01:16 UTC 2013
On Tue, Nov 26, 2013 at 2:54 AM, Rob Stradling <rob.stradling at comodo.com> wrote:
> Thanks Gerv. I think Bob's and Wan-Teh's answers only cover signatures
> on certificates. CAs will also need clients to support SHA-2-based
> signatures on OCSP Responses.
> 2 days ago Brian Smith wrote:
> "Note that currently NSS does not support SHA2 for OCSP completely yet."
> Which NSS and Firefox versions will support SHA-256/384/512-based
> signatures on OCSP Responses "completely"?
This issue has been clarified. The NSS bug that Brian Smith referred
to is https://bugzilla.mozilla.org/show_bug.cgi?id=663315. That bug is
not about SHA-256/384/512-based signatures on OCSP responses.
So NSS 3.11.4 and later should be able to verify SHA-256/384/512-based
signatures on OCSP responses.
More information about the Public