[cabfpub] FW: Ballot - expiration of SHA1 certificates
Erwann Abalea
erwann.abalea at opentrust.com
Mon Sep 8 12:24:17 UTC 2014
Hello,
I agree with the general idea, which is to get rid of SHA1 for signature
purposes. However, let's play devil's advocate.
On 06/09/2014 00:47, Tom Albertson wrote:
> [...]
>
> *_9.4.2 Root CA Certificates_*
>
> _The SHA-1 deprecation policy and Validity Dates DO NOT apply to Root
> CA certificates. CAs MAY continue to use their existing SHA-1 Root
> Certificates. CAs MUST use SHA-2 or successor hash algorithms to
> sign any Subscriber certificates, Subordinate CA certificates, and
> CRLs effective 1 January 2016._
>
> *_9.4.3 Subordinate CA Certificates_*
>
> _Effective 1 January 2016, CAs MUST NOT issue Subordinate CA
> Certificates that utilize the SHA-1 algorithm._
>
Even for non-{SSL, CS} purposes?
> _CAs MUST NOT issue SHA-2 Subscriber certificates under SHA-1
> Subordinate CA Certificates._
>
Why? Issuing SHA2-signed subscriber certificates under a CA has no
impact on the resistance of the CA's own certificate, whether this one
is SHA1-signed or anything else.
The problem with SHA1 is its low collision resistance. It's a problem
with signed objects if the applicant can be hostile (certificate
request, signed document, timestamp, ...). A subordinate CA, if owned
and operated by the same entity as the issuing CA, isn't hostile.
Regards.
--
Erwann ABALEA