[cabfpub] Proposal of a SHA-1 exception procedure

Andrew R. Whalley awhalley at google.com
Fri Jun 3 20:53:31 UTC 2016


At the face-to-face meeting in Bilbao we heard there's still a need for new
SHA-1 certs from some sectors, most notably the payment industry, to avoid
outages of critical systems with real world impact.  We discussed if there
was a way we might balance these cases against the vitally important need
to ensure the security and safety of the public PKI.

Please take a look at the proposed procedure, attached.  It outlines a way
for CAs to request an exceptional SHA-1 issuance, including details which
would help with a risk management decision.  It's not a guaranty that any
such issuance would be acceptable, but provides a more structured approach
than what's already occurred this year, e.g. with Worldpay.

I look forward to comments.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: SHA1Procedure1-0.pdf
Type: application/pdf
Size: 114115 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160603/0170f2c3/attachment-0002.pdf>
