[Servercert-wg] [EXTERNAL] Re: OCSP SHA-1 sunset pre-ballot

Bruce Morton Bruce.Morton at entrust.com
Tue Dec 21 14:22:05 UTC 2021

I will endorse as well.


From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Ben Wilson via Servercert-wg
Sent: Monday, December 20, 2021 1:35 PM
To: Corey Bonnell <Corey.Bonnell at digicert.com>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [EXTERNAL] Re: [Servercert-wg] OCSP SHA-1 sunset pre-ballot

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
I'll endorse.

On Mon, Dec 20, 2021 at 11:26 AM Corey Bonnell via Servercert-wg <servercert-wg at cabforum.org<mailto:servercert-wg at cabforum.org>> wrote:
The current Baseline Requirements allow for OCSP responses to be signed using the SHA-1 hash algorithm if a delegated responder key is used. Given that the weaknesses surrounding the use of SHA-1 have been known for several years, I have prepared the following ballot text, which sunsets the use of SHA-1 for delegated signing on 2022-06-01: https://github.com/cabforum/servercert/pull/330<https://urldefense.com/v3/__https:/github.com/cabforum/servercert/pull/330__;!!FJ-Y8qCqXTj2!O5514IuAlgtnhwt2uxA-UtEeJ260jcbgx2-qhS4t041ZUxqEFfWsWHfYff6CVMBmS8w$>.

I am currently seeking two endorsers as well as any feedback on the ballot content itself (wording, effective dates, etc.).


Servercert-wg mailing list
Servercert-wg at cabforum.org<mailto:Servercert-wg at cabforum.org>
Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20211221/fc96b098/attachment.html>

More information about the Servercert-wg mailing list