[Servercert-wg] Voting Period Begins on Ballot SC53: Sunset for SHA-1 OCSP Signing

Josselin Allemandou j.allemandou at certigna.com
Wed Jan 19 16:03:47 UTC 2022

Certigna votes YES on Ballot SC53.


From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Corey Bonnell via
Sent: Monday, 17 January 2022 16:00
To: CA/B Forum Server Certificate WG Public Discussion List
<servercert-wg at cabforum.org>
Subject: [Servercert-wg] Voting Period Begins on Ballot SC53: Sunset for
SHA-1 OCSP Signing

Purpose of Ballot

Weaknesses regarding the use of the SHA-1 hash algorithm for signatures have
been known for several years. While there is currently a prohibition on the
use of CA Private Keys to directly sign OCSP responses using SHA-1, Private
Keys corresponding to OCSP delegated responders may still be used to sign
OCSP responses using SHA-1. This ballot establishes a sunset date to
prohibit delegated OCSP signing with the SHA-1 hash algorithm.


The following motion has been proposed by Corey Bonnell of DigiCert and
endorsed by Ben Wilson of Mozilla and Bruce Morton of Entrust.

Motion Begins

This ballot modifies the "Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates" ("Baseline Requirements"),
based on Version 1.8.0:
MODIFY the Baseline Requirements as specified in the following Redline:


Motion Ends

This ballot proposes a Final Maintenance Guideline. The procedure for
approval of this ballot is as follows:


Discussion (7+ days)

Start time: 2022-01-10 15:00:00 UTC

End time: 2022-01-17 15:00:00 UTC


Vote for approval (7 days)

Start time: 2022-01-17 15:00:00 UTC

End time: 2022-01-24 15:00:00 UTC




