[cabfpub] Ballot - expiration of SHA1 certificates

Rick Andrews Rick_Andrews at symantec.com
Fri Sep 5 23:28:43 UTC 2014

Yes, I think that was the consensus we reached a while ago when this came up. Thanks for the clarification of my clarification.

-----Original Message-----
From: Brian Smith [mailto:brian at briansmith.org] 
Sent: Friday, September 05, 2014 4:27 PM
To: Rick Andrews
Cc: Tom Albertson; public at cabforum.org
Subject: Re: [cabfpub] Ballot - expiration of SHA1 certificates

On Fri, Sep 5, 2014 at 4:16 PM, Rick Andrews <Rick_Andrews at symantec.com> wrote:
> Tom, I think it would help to clarify that the SHA-1 deprecation 
> policy doesn’t apply to OCSP responses. Earlier discussion in this 
> Forum seemed to exhibit consensus around the continued acceptability 
> of the use of SHA-1 where hash algorithms are called for (in the 
> issuer NameHash and issuer KeyHash, for example). Even though the BRs 
> say (Section 13.2.5) that OCSP responses must conform to RFC 2560 
> and/or RFC 5019, and those explicitly call for SHA-1, I’d like to see 
> an affirmation (probably in Section 13.2.5) that SHA-1 is still allowed in this one case.


A hash algorithm is used in three places in OCSP:

1. The ResponderID construct (through KeyHash), to identify a certificate by the hash of its public key.
2. The CertID construct.
3. The signature of the OCSP response.

I assume that you want to continue to allow SHA-1 in CertID and ResponderID. But, I don't see any reason to continue to allow SHA-1 in the signature of the OCSP response, so OCSP response signatures should be switched to SHA-256 too, even if SHA-1 remains acceptable in CertID and ResponderID. Is that what you are thinking too?
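
Added example, not part of the original thread or any CA/Browser Forum material: a standard-library Python sketch that walks a DER-encoded BasicOCSPResponse (RFC 6960 layout) and reports the three hash uses listed above separately, so SHA-1 in the signature can be told apart from SHA-1 in CertID or ResponderID. The function names, the OID table and the sample response (zeroed hashes, dummy signature) are constructed for illustration.

```python
# Added illustration (not from the thread); the sample response is constructed.
SHA1_OID = bytes.fromhex("2b0e03021a")  # id-sha1 (1.3.14.3.2.26)
SIG_OIDS = {
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a8648ce3d0401"): "ecdsa-with-SHA1",
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
}

def tlv(tag, body=b""):
    """Encode one DER element (short or long definite length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def children(body):
    """Split DER content into a list of (tag, content) pairs."""
    out, i = [], 0
    while i < len(body):
        tag, n, i = body[i], body[i + 1], i + 2
        if n & 0x80:  # long-form length: low 7 bits give the length-of-length
            n, i = int.from_bytes(body[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        out.append((tag, body[i:i + n]))
        i += n
    return out

def audit_basic_ocsp(der):
    """Report the three hash uses: ResponderID, CertID, response signature."""
    (_, basic), = children(der)
    (_, tbs), (_, sig_alg), *_ = children(basic)
    fields = [f for f in children(tbs) if f[0] != 0xA0]  # drop optional version
    hash_algs = [children(children(s)[0][1])[0][1] for _, s in children(fields[2][1])]
    sig_name = SIG_OIDS.get(children(sig_alg)[0][1], "unknown")
    return {
        "responder_id_by_keyhash": fields[0][0] == 0xA2,  # KeyHash is SHA-1 by definition
        "cert_id_sha1": [children(a)[0][1] == SHA1_OID for a in hash_algs],
        "signature_algorithm": sig_name,
        "signature_uses_sha1": "sha1" in sig_name.lower(),
    }

def sample(sig_oid_hex):
    """Constructed skeleton: zeroed hashes, serial 1, dummy signature bits."""
    alg = lambda oid: tlv(0x30, tlv(0x06, oid) + tlv(0x05))
    h, t = tlv(0x04, bytes(20)), tlv(0x18, b"20140905232843Z")
    cert_id = tlv(0x30, alg(SHA1_OID) + h + h + tlv(0x02, b"\x01"))
    single = tlv(0x30, cert_id + tlv(0x80) + t)  # certStatus good = [0] NULL
    tbs = tlv(0x30, tlv(0xA2, h) + t + tlv(0x30, single))
    return tlv(0x30, tbs + alg(bytes.fromhex(sig_oid_hex)) + tlv(0x03, bytes(9)))
```

Under the position proposed in the message above, only `signature_uses_sha1` would count as a finding; the other two fields are reported for visibility.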

