[cabfpub] Updates to Microsoft SHA-1 deprecation

Rick Andrews Rick_Andrews at symantec.com
Mon Mar 23 12:32:06 UTC 2015


Thanks for informing us, but I want to be sure I know what you've changed. The post is still dated November 2013. I see a strikethrough and update in the Code Signing Certificates section; is that the only change?


From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Anoosh Saboori
Sent: Saturday, March 21, 2015 5:29 PM
To: Bruce Morton
Subject: Re: [cabfpub] Updates to Microsoft SHA-1 deprecation

Windows enforcement dates (i.e., date at which SHA-1 certificates will be rejected by Windows) only apply to SSL and code signing certificates. All other types of certificates will be rejected on Windows side when SHA-1 pre-image attacks are deemed feasible by Microsoft.


From: Bruce Morton [mailto:bruce.morton at entrust.com]
Sent: Friday, March 20, 2015 6:47 PM
To: Anoosh Saboori
Subject: Re: [cabfpub] Updates to Microsoft SHA-1 deprecation

Hi Anoosh,

Thank you for the update.

I don't think the policy for S/MIME certificates has been stated. I see some discussion in the comments. Could you also advise how the SHA-1 deprecation policy applies to S/MIME certificates.

Thanks, Bruce.

On Mar 20, 2015, at 8:57 PM, Anoosh Saboori <ansaboor at microsoft.com<mailto:ansaboor at microsoft.com>> wrote:

I would like to inform you that Microsoft has made update to its SHA-1 deprecation policy to accommodate developers targeting Vista/Server 2008. Please see below.



Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150323/84470bd1/attachment-0003.html>

More information about the Public mailing list