[Servercert-wg] Voting Period Begins on Ballot SC53: Sunset for SHA-1 OCSP Signing

Inigo Barreira Inigo.Barreira at sectigo.com
Tue Jan 18 16:13:29 UTC 2022


Sectigo votes YES

 

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Corey
Bonnell via Servercert-wg
Sent: Monday, January 17, 2022 16:00
To: CA/B Forum Server Certificate WG Public Discussion List
<servercert-wg at cabforum.org>
Subject: [Servercert-wg] Voting Period Begins on Ballot SC53: Sunset for
SHA-1 OCSP Signing

 


 


Purpose of Ballot


Weaknesses regarding the use of the SHA-1 hash algorithm for signatures have
been known for several years. While there is currently a prohibition on the
use of CA Private Keys to directly sign OCSP responses using SHA-1, Private
Keys corresponding to OCSP delegated responders may still be used to sign
OCSP responses using SHA-1. This ballot establishes a sunset date to
prohibit delegated OCSP signing with the SHA-1 hash algorithm.

 

The following motion has been proposed by Corey Bonnell of DigiCert and
endorsed by Ben Wilson of Mozilla and Bruce Morton of Entrust.


Motion Begins


This ballot modifies the "Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates" ("Baseline Requirements"),
based on Version 1.8.0:
MODIFY the Baseline Requirements as specified in the following Redline:

 
https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...637c6959c35bbd93cc451f7b22dfb48ac4255b9f


Motion Ends


This ballot proposes a Final Maintenance Guideline. The procedure for
approval of this ballot is as follows:

 


Discussion (7+ days)


Start time: 2022-01-10 15:00:00 UTC

End time: 2022-01-17 15:00:00 UTC

 


Vote for approval (7 days)


Start time: 2022-01-17 15:00:00 UTC

End time: 2022-01-24 15:00:00 UTC

 

Thanks,

Corey
