[Servercert-wg] Voting Period Begins on Ballot SC53: Sunset for SHA-1 OCSP Signing
Yoshiro YONEYA
yoshiro.yoneya at jprs.co.jp
Mon Jan 24 01:33:54 UTC 2022
JPRS votes YES to Ballot SC53.
--
Yoshiro YONEYA <yoshiro.yoneya at jprs.co.jp>
On Mon, 17 Jan 2022 15:00:14 +0000 Corey Bonnell via Servercert-wg <servercert-wg at cabforum.org> wrote:
>
> Purpose of Ballot
>
>
> Weaknesses regarding the use of the SHA-1 hash algorithm for signatures have
> been known for several years. While there is currently a prohibition on the
> use of CA Private Keys to directly sign OCSP responses using SHA-1, Private
> Keys corresponding to OCSP delegated responders may still be used to sign
> OCSP responses using SHA-1. This ballot establishes a sunset date to
> prohibit delegated OCSP signing with the SHA-1 hash algorithm.
>
>
>
> The following motion has been proposed by Corey Bonnell of DigiCert and
> endorsed by Ben Wilson of Mozilla and Bruce Morton of Entrust.
>
>
> Motion Begins
>
>
> This ballot modifies the "Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates" ("Baseline Requirements"),
> based on Version 1.8.0:
> MODIFY the Baseline Requirements as specified in the following Redline:
>
>
> <https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97e
> bb6669c74fb7...637c6959c35bbd93cc451f7b22dfb48ac4255b9f>
> https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97eb
> b6669c74fb7...637c6959c35bbd93cc451f7b22dfb48ac4255b9f
>
>
> Motion Ends
>
>
> This ballot proposes a Final Maintenance Guideline. The procedure for
> approval of this ballot is as follows:
>
>
>
>
> Discussion (7+ days)
>
>
> Start time: 2022-01-10 15:00:00 UTC
>
> End time: 2022-01-17 15:00:00 UTC
>
>
>
>
> Vote for approval (7 days)
>
>
> Start time: 2022-01-17 15:00:00 UTC
>
> End time: 2022-01-24 15:00:00 UTC
>
>
>
> Thanks,
>
> Corey
>
More information about the Servercert-wg
mailing list