[cabfpub] Microsoft Proposed Updates to the SHA-1 Deprecation Timeline

Doug Beattie doug.beattie at globalsign.com
Thu Oct 29 11:22:26 MST 2015


Microsoft should have pulled their root from their root store then (with sufficient warning).

From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Thursday, October 29, 2015 1:56 PM
To: Wayne Thayer <wthayer at godaddy.com>
Cc: CABFPub <public at cabforum.org>; Magnus Nyström <mnystrom at microsoft.com>; Doug Beattie <doug.beattie at globalsign.com>; Nazmus Sakib <mdsakib at microsoft.com>
Subject: RE: [cabfpub] Microsoft Proposed Updates to the SHA-1 Deprecation Timeline


On Oct 29, 2015 10:51 AM, "Wayne Thayer" <wthayer at godaddy.com> wrote:
>
> 8 bytes of entropy in the serialNumber field has been a requirement of Microsoft’s root program since 2013: http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0/revision/15.aspx
>
>

And yet a number of notable CAs have been failing that policy for some time.

As it is, it isn't an audited requirement (part of the BRs or WebTrust/ETSI), nor has it been followed since required (for example, one large CA is still a month away from complying), so the risk to platforms is still very real.