[Servercert-wg] OCSP SHA-1 sunset pre-ballot

Ben Wilson bwilson at mozilla.com
Mon Dec 20 18:35:03 UTC 2021


I'll endorse.

On Mon, Dec 20, 2021 at 11:26 AM Corey Bonnell via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> Hello,
>
> The current Baseline Requirements allow for OCSP responses to be signed
> using the SHA-1 hash algorithm if a delegated responder key is used. Given
> that the weaknesses surrounding the use of SHA-1 have been known for
> several years, I have prepared the following ballot text, which sunsets the
> use of SHA-1 for delegated signing on 2022-06-01:
> https://github.com/cabforum/servercert/pull/330.
>
>
>
> I am currently seeking two endorsers as well as any feedback on the ballot
> content itself (wording, effective dates, etc.).
>
>
>
> Thanks,
>
> Corey
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20211220/7fe3402b/attachment.html>


More information about the Servercert-wg mailing list