[cabfpub] SHA1 options for payment processors

Dean Coclin Dean_Coclin at symantec.com
Thu Mar 10 18:16:46 MST 2016


You misunderstood my point and maybe it was my fault. I wasn't talking about
SHA-1, rather helping out a CA on an issue specific to that CA .

Dean

-----Original Message-----
From: Rob Stradling [mailto:rob.stradling at comodo.com] 
Sent: Thursday, March 10, 2016 3:05 PM
To: Dean Coclin <Dean_Coclin at symantec.com>; Ryan Sleevi <sleevi at google.com>
Cc: CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] SHA1 options for payment processors

On 10/03/16 17:30, Dean Coclin wrote:
<snip>
> As I said earlier, there are legacy reasons why these are Symantec 
> customers but that shouldn't have a bearing into finding a solution.
> What if this related to Western Digital customers that are exclusive 
> to Comodo?

Hi Dean.

I'm not sure why you picked https://crt.sh/?caid=6471 as an example. 
The intermediate certificate is signed using sha384WithRSAEncryption, and it
signs end-entity server authentication certificates (that are in scope for
the BRs) using sha256WithRSAEncryption.

No SHA-1 involved.  Also, AIUI, web browsers are the intended clients.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5747 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20160310/0436dee7/attachment.bin 


More information about the Public mailing list