[cabfpub] Microsoft SHA-1 deprecation problem for Kernel Mode Code Signing

GlobalSign(Yasuyuki Inui) yasuyuki.inui at globalsign.com
Thu Apr 10 18:15:29 MST 2014


Hi Tom-san

this patch (sha2 codesign for kernel mode on vista and win7) is already
released?
our costumer seems encounter this problem but I am not sure exact reason.

thanks

inui
GlobalSign



>> On 13/11/2013 17:43, "Tom Albertson" <tomalb at microsoft.com> wrote:
>>
>> >Hi Rob,
>> >
>> >Yes, we are making changes to supported Windows versions to support SHA-2
>> >for kernel mode code signing.  The patch will come out publicly, and we
>> >will notify kernel mode CAs about the expected timeframe and overall kmod
>> >strategy.
>> >
>> >Tom
>> >
>> >-----Original Message-----
>> >From: Rob Stradling [mailto:rob.stradling at comodo.com]
>> >Sent: Wednesday, November 13, 2013 4:18 AM
>> >To: Tom Albertson; Kelvin Yiu
>> >Cc: public at cabforum.org
>> >Subject: Microsoft SHA-1 deprecation problem for Kernel Mode Code Signing
>> >
>> >Tom, Kelvin,
>> >
>> >I know you're already aware that Windows Vista and Windows 7 are unable
>> >to use SHA-2 certificates for Kernel Mode Code Signing.
>> >
>> >Your SHA-1 deprecation advisory [1] says:
>> >"Recommendation: Microsoft recommends that certificate authorities no
>> >longer sign newly generated certificates using the SHA-1 hashing
>> >algorithm and begin migrating to SHA-2. Microsoft also recommends that
>> >customers replace their SHA-1 certificates with SHA-2 certificates at the
>> >earliest opportunity."
>> >
>> >I understand this to mean that, ideally, you'd like us to switch from
>> >SHA-1 to SHA-2 _today_, for the issuance of new SSL certificates and Code
>> >Signing Certificates.
>> >
>> >Does this mean that you've managed to hotfix all deployed Vista/7 boxes
>> >on the planet, so that SHA-2 certificates can now be used for Kernel Mode
>> >Code Signing?
>> >
>> >If not, how do you intend to address this issue?
>> >
>> >(I presume you're not phasing out Windows 7 at the same time as phasing
>> >out SHA-1!!)
>> >
>> >
>> >[1] https://technet.microsoft.com/en-us/security/advisory/2880823
>> >
>> >--
>> >Rob Stradling
>> >Senior Research & Development Scientist
>> >COMODO - Creating Trust Online
>> >
>> >_______________________________________________
>> >Public mailing list
>> >Public at cabforum.org
>> >https://cabforum.org/mailman/listinfo/public
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20140411/4c966d7f/attachment.html 


More information about the Public mailing list