[cabfpub] Microsoft SHA-1 deprecation problem for Kernel Mode Code Signing

GlobalSign(Yasuyuki Inui) yasuyuki.inui at globalsign.com
Wed Apr 16 20:43:13 UTC 2014


Hi Tom-san

Can you give me the estimate for this patch, if possible?

thanks
inui
GlobalSign


2014-04-10 22:06 GMT-04:00 Richard at WoSign <richard at wosign.com>:

> Yes, our test shows that Kernel mode doesn't support SHA2 certs.
>
> Best Regards,
>
>
>
> *Richard*
>
>
>
> *From:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] *On
> Behalf Of *GlobalSign(Yasuyuki Inui)
> *Sent:* Friday, April 11, 2014 9:15 AM
> *To:* Public at cabforum.org
> *Subject:* Re: [cabfpub] Microsoft SHA-1 deprecation problem for Kernel
> Mode Code Signing
>
>
>
> Hi Tom-san
>
>
>
> Is this patch (SHA-2 code signing for kernel mode on Vista and Win7)
> already released?
>
> Our customer seems to have encountered this problem, but I am not sure of the exact reason.
>
>
>
> thanks
>
>
>
> inui
>
> GlobalSign
>
>
> On 13/11/2013 17:43, "Tom Albertson" <tomalb at microsoft.com> wrote:
>
> >Hi Rob,
> >
> >Yes, we are making changes to supported Windows versions to support SHA-2
> >for kernel mode code signing.  The patch will come out publicly, and we
> >will notify kernel mode CAs about the expected timeframe and overall kmod
> >strategy.
> >
> >Tom
> >
> >-----Original Message-----
> >From: Rob Stradling [mailto:rob.stradling at comodo.com]
> >Sent: Wednesday, November 13, 2013 4:18 AM
> >To: Tom Albertson; Kelvin Yiu
> >Cc: public at cabforum.org
> >Subject: Microsoft SHA-1 deprecation problem for Kernel Mode Code Signing
> >
> >Tom, Kelvin,
> >
> >I know you're already aware that Windows Vista and Windows 7 are unable
> >to use SHA-2 certificates for Kernel Mode Code Signing.
> >
> >Your SHA-1 deprecation advisory [1] says:
> >"Recommendation: Microsoft recommends that certificate authorities no
> >longer sign newly generated certificates using the SHA-1 hashing
> >algorithm and begin migrating to SHA-2. Microsoft also recommends that
> >customers replace their SHA-1 certificates with SHA-2 certificates at the
> >earliest opportunity."
> >
> >I understand this to mean that, ideally, you'd like us to switch from
> >SHA-1 to SHA-2 _today_, for the issuance of new SSL certificates and Code
> >Signing Certificates.
> >
> >Does this mean that you've managed to hotfix all deployed Vista/7 boxes
> >on the planet, so that SHA-2 certificates can now be used for Kernel Mode
> >Code Signing?
> >
> >If not, how do you intend to address this issue?
> >
> >(I presume you're not phasing out Windows 7 at the same time as phasing
> >out SHA-1!!)
> >
> >
> >[1] https://technet.microsoft.com/en-us/security/advisory/2880823
> >
> >--
> >Rob Stradling
> >Senior Research & Development Scientist
> >COMODO - Creating Trust Online
> >
> >_______________________________________________
> >Public mailing list
> >Public at cabforum.org
> >https://cabforum.org/mailman/listinfo/public
>