[Servercert-wg] Voting Period Begins on Ballot SC53: Sunset for SHA-1 OCSP Signing

Corey Bonnell Corey.Bonnell at digicert.com
Mon Jan 17 14:59:58 UTC 2022

Purpose of Ballot

Weaknesses regarding the use of the SHA-1 hash algorithm for signatures have
been known for several years. While there is currently a prohibition on the
use of CA Private Keys to directly sign OCSP responses using SHA-1, Private
Keys corresponding to OCSP delegated responders may still be used to sign
OCSP responses using SHA-1. This ballot establishes a sunset date to
prohibit delegated OCSP signing with the SHA-1 hash algorithm.


The following motion has been proposed by Corey Bonnell of DigiCert and
endorsed by Ben Wilson of Mozilla and Bruce Morton of Entrust.

Motion Begins

This ballot modifies the "Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates" ("Baseline Requirements"),
based on Version 1.8.0:
MODIFY the Baseline Requirements as specified in the following Redline:


Motion Ends

This ballot proposes a Final Maintenance Guideline. The procedure for
approval of this ballot is as follows:


Discussion (7+ days)

Start time: 2022-01-10 15:00:00 UTC

End time: 2022-01-17 15:00:00 UTC


Vote for approval (7 days)

Start time: 2022-01-17 15:00:00 UTC

End time: 2022-01-24 15:00:00 UTC




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20220117/4c6a54d0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4990 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20220117/4c6a54d0/attachment.p7s>

More information about the Servercert-wg mailing list