[cabfpub] Request for six month delay on new Google SHA-1 deprecation policy

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Thu Aug 28 14:36:03 MST 2014

[This is reposted from the Google SHA-1 list]

Ryan, I asked a question yesterday, and am still interested in the answer.  Why not push out the implementation of Google's new policy by six months - in other words, delay the negative UI effect on SHA-1 certs expiring after 2015 until six months from now?

You can see that most or all CAs think Google's current 6-12 week deadline is way too short for many website owners to change out all their current (valid) SHA-1 certs, especially with the holiday season lock-down coming soon (the window for response is actually more like 4 weeks for some retail websites).

Google can accomplish 100% of its stated goals with a six month delay in enforcement (e.g., to March 1, 2015).  This new date would still require all websites to replace all SHA-1 certs by the end of 2015 - Google's stated goal - but in a more reasonable time frame.

Your prior postings have indicated Google has been working on this new policy for six months (February to August, when the new policy was announced).  Why not give website owners and CAs an equal period of time - six months - to respond to the new policy if that new deadline will still achieve all of your goals?  That could make your policy much more successful, and would be appreciated by everyone.

**So how about it, Ryan - will Google help everyone out and postpone its new policy for six months?**

Kirk R. Hall
Operations Director, Trust Services
Trend Micro

<table class="TM_EMAIL_NOTICE"><tr><td><pre>
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20140828/1985d1fe/attachment.html 

More information about the Public mailing list