[cabfpub] SHA-1 Collision Found

Rob Stradling rob.stradling at comodo.com
Fri Feb 24 12:09:44 MST 2017


On 24/02/17 18:34, Gervase Markham via Public wrote:
> Hi Philip,
>
> This is a useful timeline. It may be missing a few items, though:
>
> On 24/02/17 09:58, philliph--- via Public wrote:
>> The availability of HSMs is a concern but it is actually the very last
>> but one on the critical path which is at present
>>
>> * NIST issues FIPS (done)
>> * IETF publishes specification (started on this)
>> * CABForum amends guidelines to permit use
>
> * OS vendors and crypto libraries add support
>
>> * Browsers add support
>> * HSM vendors ship product
>> * CAs issue certificates.
>
> There is also another item: "Root store policies amended to permit use".
> However, where that goes and where the CAB Forum item goes is flexible;
> both have to happen before "CAs issue certificates" but they don't
> necessarily have to happen earlier than that. Having said that, I can
> see a case for a CAB Forum "motion of intent" to set direction. What
> algorithms other than SHA-3 would we want to include in such a motion?

My current wishlist:

Various EdDSA algorithms.  See RFC8032 and 
https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix/

BLAKE2.  See RFC7693.  (No signature algorithm OIDs exist yet, AFAICT).

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
