[cabfpub] Application for SHA-1 Issuance

Gervase Markham gerv at mozilla.org
Mon Jul 18 14:32:00 UTC 2016


On 16/07/16 22:29, Dean Coclin wrote:
>> Enclosed please find the application for SHA-1 issuance presented on
>> behalf of our client. Note that the application was fully completed
>> by the client. 

This document says:

> * SHA-1 certificate on terminal expires on August 3, 2016
> * Terminal may still reside at merchant location
> * Terminal contains an expired certificate
> ...

This is confusing because it makes it sound like the SHA-1 certificates
are client certificates inside the 60K outstanding clients. But the
request is only for issuance of 8 certificates. Is this part of the
document poorly worded?

> Merchants may then be required to purchase a replacement terminal
> which can take numerous days to remedy

Presumably as the terminal in this case can't support SHA-256, this is
the end outcome in all circumstances? If that's the case, why has TSYS
not been either proactively sending terminals to clients, or sending
software updates which notify users to obtain new terminals, or using
some other method of communication to get these terminals replaced
before the deadline?

It says elsewhere that they have got down from 300K to 60K terminals.
What methods led to this reduction? Will the merchant in the above
scenario have ignored one or more communications from TSYS or their
partners requiring them to replace their terminal?

Gerv



