[cabfpub] Microsoft Proposed Updates to the SHA-1 Deprecation Timeline
Ryan Sleevi
sleevi at google.com
Thu Oct 29 10:56:27 MST 2015
On Oct 29, 2015 10:51 AM, "Wayne Thayer" <wthayer at godaddy.com> wrote:
>
> 8 bytes of entropy in the serialNumber field has been a requirement of
Microsoft’s root program since 2013:
http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0/revision/15.aspx
>
>
And yet a number of notable CAs have been failing that policy for some time.
As it is, it isn't an audited requirement (part of the BRs or
WebTrust/ETSI), nor has it been followed since required (for example, one
large CA is still a month away from complying), so the risk to platforms is
still very real.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20151029/a5494474/attachment.html
More information about the Public
mailing list