[cabfpub] Application for SHA-1 Issuance
Dean Coclin
Dean_Coclin at symantec.com
Thu Jul 21 21:53:47 UTC 2016
Geoff,
Thank you for the additional feedback. It seems that several parties have similar comments.
Is it the consensus of the community to request that TSYS resubmit the TBS certificates, even though the counter crypt analysis so far has shown no issues? I realize that is an independent function but please provide feedback if you would like TSYS to do as Geoff suggests as soon as possible.
Thanks,
Dean
-----Original Message-----
From: geoffk at apple.com [mailto:geoffk at apple.com]
Sent: Thursday, July 21, 2016 3:48 PM
To: Dean Coclin <Dean_Coclin at symantec.com>
Cc: Ryan Sleevi <sleevi at google.com>; Bryan Smoak <BryanSmoak at tsys.com>; Andrew Ayer <andrew at sslmate.com>; Nick Lamb <tialaramex at gmail.com>; public at cabforum.org
Subject: Re: [cabfpub] Application for SHA-1 Issuance
> On 21 Jul 2016, at 11:23 AM, Dean Coclin <Dean_Coclin at symantec.com> wrote:
>
> "The value at the end of the OU, is an independent cryptographically created
> identity value used by TSYS Support for the sole purpose of identifying the
> site where the services terminate.
Numerous people have commented on this item. It appears cryptographically suspicious. I doubt any explanation will make it less suspicious. I would therefore encourage TSYS to remove it (or replace the random data with ‘aaaa’ as necessary to fit their format) in a new request. The new request should use preferably the public key from a previous certificate, or at least the key from this certificate, and otherwise have minimal changes.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5723 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160721/63995cf2/attachment-0001.p7s>
More information about the Public
mailing list