[cabfpub] FW: Ballot - expiration of SHA1 certificates

Eddy Nigg eddy_nigg at startcom.org
Mon Sep 8 21:45:32 UTC 2014


On 09/08/2014 03:24 PM, Erwann Abalea wrote:
> The problem with SHA1 is its low collision resistance. It's a problem 
> with signed objects if the applicant can be hostile (certificate 
> request, signed document, timestamp, ...). A subordinate CA, if owned 
> and operated by the same entity as the issuing CA, isn't hostile.

Exactly! I think this would go too far especially for transitioning 
subscribers. At a future point that requirement could be set with a date 
further out.

-- 
Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140909/7e027198/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4553 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140909/7e027198/attachment-0001.p7s>


More information about the Public mailing list