[cabfpub] Microsoft Proposed Updates to the SHA-1 Deprecation Timeline
Eddy Nigg
eddy_nigg at startcom.org
Wed Oct 28 20:36:09 UTC 2015
On 10/28/2015 10:20 PM, Jody Cloutier wrote:
>
> In light of the recent news about potential SHA-1 vulnerabilities,
> Microsoft is considering changes to its SHA-1 deprecation policy, and
> we would like industry feedback on the ramification.
>
> Generally, Microsoft proposes that it will move in the
> previously-announced January 1, 2017 date at which Windows products
> would no longer trust SHA-1 certificates issued by roots in the
> Trusted Root Program and signed with the Mark of the Web. *This
> proposal would change that date to June 1, 2016.*
>
I think this would result in major issues for many web site owners and
the issuing CA since the plan called for the 2017 deadline AND....
> 3. CAs may not issue SHA-1 certificates after December 31, 2016 (this
> is more restrictive than the current CAB Forum guidelines)
>
...I think this is crucial and will probably prevent the attack vectors
on SHA1 as currently known. I believe that already issued SHA1
certificates should be safe except in case it was possible to forge a
hash on a certificate already by now.
--
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>