[cabfpub] LV Certificates

[Jeremy Rowley]

Although to be clear, I’m really looking forward to the discussion on it.  I’d like to hear everyone’s opinion.

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Jeremy Rowley
Sent: Friday, December 18, 2015 3:37 PM
To: Ryan Sleevi
Cc: CABFPub
Subject: Re: [cabfpub] LV Certificates

For now I’m presenting it on behalf of non-members of the Forum, but I will likely sponsor if I get the necessary internal approvals.

From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Friday, December 18, 2015 3:24 PM
To: Jeremy Rowley
Cc: CABFPub
Subject: Re: [cabfpub] LV Certificates

Jeremy,

Is this something DigiCert is endorsing, or are you merely presenting it on behalf of non-members of the Forum in the effort to find sponsors and endorsers?

On Fri, Dec 18, 2015 at 2:21 PM, Jeremy Rowley <jeremy.rowley at digicert.com<mailto:jeremy.rowley at digicert.com>> wrote:
Hi everyone,

Attached is a proposal from Cloudflare and Facebook creating LV certificates in the baseline requirements.  This is a draft ballot for review that will, of course, change based on the debate in the forum. Although CAs will stop issuing SHA-1 on 2016/1/1, there isn’t any reason these changes couldn’t go into effect in early January (assuming a passing vote).

If adopted, this ballot would permit continued use of SHA1 certificates past the deprecation deadline (to support older devices) but give newer browsers an easy way to reject SHA1 for users.  The ballot also increases the resiliency of SHA1 certs against attacks by requiring higher entropy serial numbers.

I look forward to your comments.

Thanks,
Jeremy


_______________________________________________
Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20151218/1acd67d0/attachment-0001.html