[cabfpub] Revisions to SHA-1 exception process?

Dean Coclin Dean_Coclin at symantec.com
Tue Aug 2 13:36:23 UTC 2016

Although I won't be on the call this week, I've added it to the agenda and
perhaps if Rick is joining, he can give Symantec's comments. Others are of
course welcome.


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Gervase Markham
Sent: Tuesday, August 02, 2016 5:48 AM
To: CABFPub <public at cabforum.org>
Subject: [cabfpub] Revisions to SHA-1 exception process?

On 02/08/16 03:37, Rick Andrews wrote:
> Symantec applied for, and received, approval from Microsoft, Google, 
> Mozilla and Apple to issue seven SHA-1 certificates.

Now that we have gone through the process for the first time, we should
consider how it went and if we can make it both more secure and perhaps more
streamlined in future. Several suggestions were made during the process for
changes; perhaps now is the time for their proponents to re-state them, with
rationale, and we can discuss them.

(When I say "the process", I guess I mean the process documented by Google,
which Mozilla considers a superset of its requirements. I am assuming that
Google is open to discussion of further modifications to that document in
the light of experience; if not, they should please let us know.)


Public mailing list
Public at cabforum.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5723 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160802/9f0ac7db/attachment-0001.p7s>

More information about the Public mailing list