[cabfpub] SHA1 Deprecation Ballot

Erwann Abalea erwann.abalea at keynectis.com
Thu Feb 20 10:20:50 UTC 2014


The Microsoft switch also concerns OCSP responses and CRLs.
I think it also concerns intermediate CAs (was it mentioned here?).

-- 
Erwann ABALEA

Le 19/02/2014 21:01, Ben Wilson a écrit :
>
> I'm not sure whether I've captured it all, but here is a rough draft 
> of a possible ballot for the Baseline Requirements.
>
> Effective immediately CAs SHOULD begin migrating away from using the 
> SHA-1 hashing algorithm to sign SSL/TLS and code signing certificates.
>
> Beginning January 1, 2016, CAs SHALL NOT use the SHA-1 hashing 
> algorithm to sign SSL/TLS or code signing certificates.
>
> Please provide your comments, edits, etc.,
>
> Thanks,
>
> Ben
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140220/b450c872/attachment-0003.html>


More information about the Public mailing list