[cabfpub] SHA-1 Update to S/MIME?

Gervase Markham gerv at mozilla.org
Wed Jun 21 10:02:26 UTC 2017

On 21/06/17 11:19, Phillip via Public wrote:
> Did I hear Gerv mention that there is a plan to remove SHA-1 from the
> S/MIME? Sound difficult on my end.
> One of the major issues with S/MIME has been that there is no way to
> negotiate cipher suites in an async protocol. 

Exactly how this would work remains to be worked out, but it might
involve the following steps:

* Publicly-trusted CAs stopping issuing SHA-1 email certs
* Clients no longer permitting the creation of emails using SHA-1 certs
* Clients warning about the receipt of emails signed using SHA-1 certs

I agree it will be a while before clients could refuse to decode emails
signed using SHA-1 certs, i.e. remove the algorithm from their codebases.


More information about the Public mailing list