[cabfpub] SHA1 options for payment processors
sleevi at google.com
Thu Apr 7 18:36:31 UTC 2016
On Thu, Apr 7, 2016 at 11:34 AM, Peter Bowen <pzb at amzn.com> wrote:
> Would you be able to use the same subject public key and same subject
> distinguished name as their previous certificate?
> Would you be able to use the same certificate profile as your previously
> issued SHA-1 certificates?
> If both are true, then I think that the hash collision risk is heavily
Agreed. Or, perhaps stated differently, if whatever changes is consistent
for all such certificates (and, even more strongly, consistent with
non-SHA1 certificates excluding the signature algorithm), the risk of a CA
colluding seems mitigated.