[cabfpub] FW: Ballot - expiration of SHA1 certificates

Gervase Markham gerv at mozilla.org
Mon Sep 8 12:45:35 UTC 2014

On 08/09/14 13:24, Erwann Abalea wrote:
> The problem with SHA1 is its low collision resistance. It's a problem
> with signed objects if the applicant can be hostile (certificate
> request, signed document, timestamp, ...). A subordinate CA, if owned
> and operated by the same entity as the issuing CA, isn't hostile.

A fair point. However, intermediate certificates tend to live longer
than end-entity certificates, so the risk of continued issuance even
without a potentially hostile applicant is more uncertain.

Is there anything which breaks under the new SHA-1 rules which would
_not_ break if it was permitted to issue SHA-256 EE certs from a SHA-1


More information about the Public mailing list