[cabfpub] SHA1 options for payment processors

Dean Coclin Dean_Coclin at symantec.com
Fri Mar 11 01:16:46 UTC 2016

You misunderstood my point and maybe it was my fault. I wasn't talking about
SHA-1, rather helping out a CA on an issue specific to that CA .


-----Original Message-----
From: Rob Stradling [mailto:rob.stradling at comodo.com] 
Sent: Thursday, March 10, 2016 3:05 PM
To: Dean Coclin <Dean_Coclin at symantec.com>; Ryan Sleevi <sleevi at google.com>
Cc: CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] SHA1 options for payment processors

On 10/03/16 17:30, Dean Coclin wrote:
> As I said earlier, there are legacy reasons why these are Symantec 
> customers but that shouldn't have a bearing into finding a solution.
> What if this related to Western Digital customers that are exclusive 
> to Comodo?

Hi Dean.

I'm not sure why you picked https://crt.sh/?caid=6471 as an example. 
The intermediate certificate is signed using sha384WithRSAEncryption, and it
signs end-entity server authentication certificates (that are in scope for
the BRs) using sha256WithRSAEncryption.

No SHA-1 involved.  Also, AIUI, web browsers are the intended clients.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5747 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160310/0436dee7/attachment-0001.p7s>

More information about the Public mailing list