[cabfpub] SHA1 options for payment processors

Ryan Sleevi sleevi at google.com
Thu Apr 7 18:36:31 UTC 2016


On Thu, Apr 7, 2016 at 11:34 AM, Peter Bowen <pzb at amzn.com> wrote:

> Doug,
>
> Would you be able to use the same subject public key and same subject
> distinguished name as their previous certificate?
>
> Would you be able to use the same certificate profile as your previously
> issued SHA-1 certificates?
>
> If both are true, then I think that the hash collision risk is heavily
> mitigated.
>

Agreed. Or, perhaps stated differently, if whatever changes is consistent
for all such certificates (and, even more strongly, consistent with
non-SHA1 certificates excluding the signature algorithm), the risk of a CA
colluding seems mitigated.