[Servercert-wg] OCSP SHA-1 sunset pre-ballot

Corey Bonnell Corey.Bonnell at digicert.com
Mon Dec 20 18:26:28 UTC 2021


The current Baseline Requirements allow for OCSP responses to be signed
using the SHA-1 hash algorithm if a delegated responder key is used. Given
that the weaknesses surrounding the use of SHA-1 have been known for several
years, I have prepared the following ballot text, which sunsets the use of
SHA-1 for delegated signing on 2022-06-01:


I am currently seeking two endorsers as well as any feedback on the ballot
content itself (wording, effective dates, etc.).





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20211220/0de3e732/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4990 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20211220/0de3e732/attachment.p7s>

More information about the Servercert-wg mailing list