[Servercert-wg] Discussion Period Begins on Ballot SC53: Sunset for SHA-1 OCSP Signing

Joanna Fox joanna at trustcorsystems.com
Wed Jan 19 18:17:05 UTC 2022


TrustCor Systems votes “Yes” to Ballot SC53

Joanna Fox
Head of Digital Certificate Compliance
https://www.trustcor.com
Joanna at trustcorsystems.com



> On Jan 10, 2022, at 8:00 AM, Corey Bonnell via Servercert-wg <servercert-wg at cabforum.org> wrote:
> 
> Purpose of Ballot
> Weaknesses regarding the use of the SHA-1 hash algorithm for signatures have been known for several years. While there is currently a prohibition on the use of CA Private Keys to directly sign OCSP responses using SHA-1, Private Keys corresponding to OCSP delegated responders may still be used to sign OCSP responses using SHA-1. This ballot establishes a sunset date to prohibit delegated OCSP signing with the SHA-1 hash algorithm.
> 
> The following motion has been proposed by Corey Bonnell of DigiCert and endorsed by Ben Wilson of Mozilla and Bruce Morton of Entrust.
> Motion Begins
> This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” (“Baseline Requirements”), based on Version 1.8.0:
> MODIFY the Baseline Requirements as specified in the following Redline:
> https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...637c6959c35bbd93cc451f7b22dfb48ac4255b9f
> Motion Ends
> This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:
> 
> Discussion (7+ days)
> Start time: 2022-01-10 15:00:00 UTC
> End time: Not before 2022-01-17 15:00:00 UTC
> 
> Vote for approval (7 days)
> Start time: TBD
> End time: TBD
> 
> Thanks,
> Corey