[cabfpub] SHA1 Deprecation Ballot

Rob Stradling rob.stradling at comodo.com
Thu Mar 13 14:04:15 UTC 2014

On 13/03/14 13:38, Gervase Markham wrote:
> On 13/03/14 12:38, Rob Stradling wrote:
>>> (d) is difficult to patch or replace without substantial economic outlay.
>> As written, I think that if these proposed legacy exceptions apply
>> anywhere, then they apply pretty much everywhere.
>> XP SP2 meets (a), (b) and (d) (where "substantial" means whatever the
>> reader wants it to mean).
> It doesn't meet d); you can install SP3 without substantial economic
> outlay.

If you're running a licensed copy of XP SP2, then yes.

If you're running an unlicensed copy of XP SP2, then no.  SP3 was when 
Windows Genuine Advantage first appeared, IINM, so you would struggle to 
upgrade to SP3 without "substantial economic outlay".  And where would 
you purchase an XP licence from these days anyway?

AIUI, there are _a lot_ of users running XP SP2 for this reason.  Yes, 
it's illegal and we obviously do not condone it, but (as far as this 
proposed ballot is concerned) I would say that these users are still 
"Relying Parties" and what they are using is still "software".

> (I assume that Microsoft de-supporting XP doesn't mean that they
> are pulling down all the downloads relating to it.)

I'm not sure that that's a safe assumption.

"An unsupported version of Windows will no longer receive software 
updates from Windows Update."

Perhaps somebody from Microsoft could clarify?

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the Public mailing list