[Servercert-wg] Voting Period Begins on Ballot SC53: Sunset for SHA-1 OCSP Signing

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Tue Jan 18 09:57:03 UTC 2022


HARICA votes "yes" to ballot SC53.

On 17/1/2022 5:00 μ.μ., Corey Bonnell via Servercert-wg wrote:
>
>
>   Purpose of Ballot
>
> Weaknesses regarding the use of the SHA-1 hash algorithm for 
> signatures have been known for several years. While there is currently 
> a prohibition on the use of CA Private Keys to directly sign OCSP 
> responses using SHA-1, Private Keys corresponding to OCSP delegated 
> responders may still be used to sign OCSP responses using SHA-1. This 
> ballot establishes a sunset date to prohibit delegated OCSP signing 
> with the SHA-1 hash algorithm.
>
> The following motion has been proposed by Corey Bonnell of DigiCert 
> and endorsed by Ben Wilson of Mozilla and Bruce Morton of Entrust.
>
>
>   Motion Begins
>
> This ballot modifies the “Baseline Requirements for the Issuance and 
> Management of Publicly-Trusted Certificates” (“Baseline 
> Requirements”), based on Version 1.8.0:
> MODIFY the Baseline Requirements as specified in the following Redline:
>
> https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...637c6959c35bbd93cc451f7b22dfb48ac4255b9f<https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...637c6959c35bbd93cc451f7b22dfb48ac4255b9f>
>
>
>   Motion Ends
>
> This ballot proposes a Final Maintenance Guideline. The procedure for 
> approval of this ballot is as follows:
>
>
>     Discussion (7+ days)
>
> Start time: 2022-01-10 15:00:00 UTC
>
> End time: 2022-01-17 15:00:00 UTC
>
>
>     Vote for approval (7 days)
>
> Start time: 2022-01-17 15:00:00 UTC
>
> End time: 2022-01-24 15:00:00 UTC
>
> Thanks,
>
> Corey
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20220118/60254c95/attachment-0001.html>


More information about the Servercert-wg mailing list