[cabfpub] FW: Ballot - expiration of SHA1 certificates

Erwann Abalea erwann.abalea at opentrust.com
Mon Sep 8 12:24:17 UTC 2014


I agree with the general idea, which is to get rid of SHA1 for signature 
purposes. However, let's play devil's advocate.

On 06/09/2014 00:47, Tom Albertson wrote:
> [...]
> *_9.4.2 Root CA Certificates_*
>
> _The SHA-1 deprecation policy and Validity Dates DO NOT apply to Root 
> CA certificates.  CAs MAY continue to use their existing SHA-1 Root 
> Certificates. CAs MUST use SHA-2 or successor hash algorithms to 
> sign any Subscriber certificates, Subordinate CA certificates, and 
> CRLs effective 1 January 2016._
>
> *_9.4.3 Subordinate CA Certificates_*
>
> _Effective 1 January 2016, CAs MUST NOT issue Subordinate CA 
> Certificates that utilize the SHA-1 algorithm._

Even for non-{SSL, CS} purposes?

> _CAs MUST NOT issue SHA-2 Subscriber certificates under SHA-1 
> Subordinate CA Certificates._

Why? Issuing SHA2-signed subscriber certificates under a CA has no 
impact on the resistance of the CA's own certificate, whether this one 
is SHA1-signed or anything else.

The problem with SHA1 is its low collision resistance. It's a problem 
with signed objects if the applicant can be hostile (certificate 
request, signed document, timestamp, ...). A subordinate CA, if owned 
and operated by the same entity as the issuing CA, isn't hostile.


