[cabfpub] Mozilla SHA-1 further restrictions
Gervase Markham
gerv at mozilla.org
Thu Nov 17 13:45:04 UTC 2016
On 17/11/16 12:42, Rob Stradling wrote:
> Gerv, why must the EKU extension be critical?

Are you saying that making it critical causes problems?

> I don't remember ever seeing an intermediate cert with a critical EKU
> extension. It would be unfortunate if your "further restrictions" lead
> to CAs reissuing their SHA-1 intermediates!

I don't see much risk in a CA reissuing a SHA-1 intermediate /per se/,
because I am assuming that CAs are not trying to engineer collisions.

Gerv