[cabfpub] Ballot - expiration of SHA1 certificates
Rick Andrews
Rick_Andrews at symantec.com
Fri Sep 5 23:28:43 UTC 2014
Yes, I think that was the consensus we reached a while ago when this came up. Thanks for the clarification of my clarification.
-----Original Message-----
From: Brian Smith [mailto:brian at briansmith.org]
Sent: Friday, September 05, 2014 4:27 PM
To: Rick Andrews
Cc: Tom Albertson; public at cabforum.org
Subject: Re: [cabfpub] Ballot - expiration of SHA1 certificates
On Fri, Sep 5, 2014 at 4:16 PM, Rick Andrews <Rick_Andrews at symantec.com> wrote:
> Tom, I think it would help to clarify that the SHA-1 deprecation
> policy doesn’t apply to OCSP responses. Earlier discussion in this
> Forum seemed to exhibit consensus around the continued acceptability
> of the use of SHA-1 where hash algorithms are called for (in the
> issuer NameHash and issuer KeyHash, for example). Even though the BRs
> say (Section 13.2.5) that OCSP responses must conform to RFC 2560
> and/or RFC 5019, and those explicitly call for SHA-1, I’d like to see
> an affirmation (probably in Section 13.2.5) that SHA-1 is still allowed in this one case.
Rick,
A hash algorithm is used in three places in OCSP:
1. The ResponderID construct (through KeyHash), to identify a certificate by the hash of its public key.
2. The CertID construct.
3. The signature of the OCSP response.
I assume that you want to continue to allow SHA-1 in CertID and ResponderID. But, I don't see any reason to continue to allow SHA-1 in the signature of the OCSP response, so OCSP response signatures should be switched to SHA-256 too, even if SHA-1 remains acceptable in CertID and ResponderID. Is that what you are thinking too?
Cheers,
Brian
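
Added example, not part of the e-mail thread: a stdlib-only Python sketch that walks a DER-encoded BasicOCSPResponse and reports the hash used in each of the three places listed above, flagging SHA-1 only when it appears in the response signature. The helper names (`tlv`, `children`, `oid`, `audit`, `sample`) are hypothetical, and the response bytes are constructed inline with made-up keys and signature.

```python
import hashlib

# OIDs of SHA-1 based signature algorithms (sha1WithRSAEncryption, ecdsa-with-SHA1).
SHA1_SIGNATURES = {"1.2.840.113549.1.1.5", "1.2.840.10045.4.1"}

def tlv(tag, body=b""):
    """Encode one DER element; enough for bodies under 256 bytes."""
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + body

def children(body):
    """Split DER contents into a list of (tag, contents) pairs."""
    out, i = [], 0
    while i < len(body):
        tag, n = body[i], body[i + 1]
        if n & 0x80:                      # long-form length
            k = n & 0x7F
            n = int.from_bytes(body[i + 2:i + 2 + k], "big")
            i += k
        out.append((tag, body[i + 2:i + 2 + n]))
        i += 2 + n
    return out

def oid(body):
    """Decode OBJECT IDENTIFIER contents to dotted form."""
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))

def audit(basic_response):
    """Locate the three hash uses in a DER BasicOCSPResponse."""
    (_, basic), = children(basic_response)
    (_, tbs), (_, sig_alg), *_ = children(basic)
    fields = [f for f in children(tbs) if f[0] != 0xA0]   # skip optional version
    cert_ids = [children(single)[0][1] for _, single in children(fields[2][1])]
    sig = oid(children(sig_alg)[0][1])
    return {"responder_id": "byKey" if fields[0][0] == 0xA2 else "byName",
            "cert_id_hashes": [oid(children(children(c)[0][1])[0][1]) for c in cert_ids],
            "signature": sig, "sha1_signature": sig in SHA1_SIGNATURES}

def sample(sig_oid_hex):
    """Constructed response: made-up names, keys and signature bytes."""
    h = lambda s: tlv(0x04, hashlib.sha1(s).digest())
    sha1 = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05))
    cert_id = tlv(0x30, sha1 + h(b"issuer name") + h(b"issuer key") + tlv(0x02, b"\x01"))
    when = tlv(0x18, b"20140905232843Z")
    single = tlv(0x30, cert_id + tlv(0x80) + when)
    tbs = tlv(0x30, tlv(0xA2, h(b"responder key")) + when + tlv(0x30, single))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + tlv(0x05))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00\xaa"))
```

Calling `audit(sample("2a864886f70d010105"))` reports a SHA-1 signature, while `audit(sample("2a864886f70d01010b"))` reports a SHA-256 signature with the CertID and byKey ResponderID still using SHA-1.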