[cabfpub] Ballot 118 - SHA1 Sunset

Adam Langley agl at google.com
Tue Oct 28 17:41:57 UTC 2014

On Tue, Oct 28, 2014 at 10:37 AM, Rick Andrews
<Rick_Andrews at symantec.com> wrote:
> Firefox and Chromium do not check CRLs, but Google parses some CRLs to build
> its CRLSets, and Mozilla plans to do something similar with OneCRL. So both
> companies rely on CRLs, and it would be helpful to know that switching the
> CRL for a SHA-1 root from SHA-1 to SHA-2 will not cause any problems.

SHA-256 signed CRLs are fine for CRLSet generation.



More information about the Public mailing list