[cabfpub] Help to support SHA-1 for POS terminals

Billy VanCannon BVanCannon at trustwave.com
Fri Apr 8 14:15:59 UTC 2016

>-----Original Message-----
>From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Rob Stradling
>Sent: Thursday, April 07, 2016 2:32 PM


>What's relevant is to ensure that users of the Web PKI are not put at risk by the continued issuance of SHA-1 certs.  Ensuring that there's a vendor neutral process for supplying SHA-1 certs in 2016 and beyond seems like a far less important concern to me.

>From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
>Sent: Friday, April 08, 2016 8:02 AM

>On 07/04/16 16:31, Doug Beattie wrote:
>> Rob,
>> They probably do, but is that relevant to the request?

>I'd say yes, it is, because "letting a CA keep business it's already got" is not one of the factors we are considering in our comparative security analysis of the different options. Harsh, perhaps, but correct.

On these two comments.  If a given CA can help their customers outside the CABF and still comply, good for them.  If the CABF puts forth a solution that is not vendor neutral, then it is anti-competitive.

