[cabfpub] FW: Ballot - expiration of SHA1 certificates

Erwann Abalea erwann.abalea at opentrust.com
Mon Sep 8 05:24:17 MST 2014


Hello,

I agree with the general idea, which is to get rid of SHA1 for signature
purposes. However, let's play devil's advocate.

On 06/09/2014 00:47, Tom Albertson wrote:
> [...]
>
> *_9.4.2 Root CA Certificates_*
>
> _The SHA-1 deprecation policy and Validity Dates DO NOT apply to Root
> CA certificates. CAs MAY continue to use their existing SHA-1 Root
> Certificates. CAs MUST use SHA-2 or successor hash algorithms to
> sign any Subscriber certificates, Subordinate CA certificates, and
> CRLs effective 1 January 2016._
>
> *_9.4.3 Subordinate CA Certificates_*
>
> _Effective 1 January 2016, CAs MUST NOT issue Subordinate CA
> Certificates that utilize the SHA-1 algorithm._
>

Even for non-{SSL, CS} purposes?

> _CAs MUST NOT issue SHA-2 Subscriber certificates under SHA-1
> Subordinate CA Certificates._
>

Why? Issuing SHA2-signed subscriber certificates under a CA has no 
impact on the resistance of the CA's own certificate, whether this one 
is SHA1-signed or anything else.


The problem with SHA1 is its low collision resistance. It's a problem 
with signed objects if the applicant can be hostile (certificate 
request, signed document, timestamp, ...). A subordinate CA, if owned 
and operated by the same entity as the issuing CA, isn't hostile.

Regards.

-- 
Erwann ABALEA

