[cabfpub] SHA-1 Update to S/MIME?
Gervase Markham
gerv at mozilla.org
Wed Jun 21 10:02:26 UTC 2017
On 21/06/17 11:19, Phillip via Public wrote:
> Did I hear Gerv mention that there is a plan to remove SHA-1 from the
> S/MIME? Sounds difficult on my end.
>
> One of the major issues with S/MIME has been that there is no way to
> negotiate cipher suites in an async protocol.
Exactly how this would work remains to be worked out, but it might
involve the following steps:
* Publicly-trusted CAs stopping issuing SHA-1 email certs
* Clients no longer permitting the creation of emails using SHA-1 certs
* Clients warning about the receipt of emails signed using SHA-1 certs
I agree it will be a while before clients could refuse to decode emails
signed using SHA-1 certs, i.e. remove the algorithm from their codebases.
Gerv