[Servercert-wg] Voting Period Begins on Ballot SC53: Sunset for SHA-1 OCSP Signing

Mon Jan 24 14:46:56 UTC 2022

SecureTrust votes Yes on Ballot SC53

From: Servercert-wg <servercert-wg-bounces at cabforum.org<mailto:servercert-wg-bounces at cabforum.org>> On Behalf Of Corey Bonnell via Servercert-wg
Sent: Monday, January 17, 2022 8:00 AM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org<mailto:servercert-wg at cabforum.org>>
Subject: [Servercert-wg] Voting Period Begins on Ballot SC53: Sunset for SHA-1 OCSP Signing

Caution: This email is from an external sender. Please do not click links or open attachments unless you recognize the sender and know the content is safe. Forward suspicious emails to isitbad at .

Purpose of Ballot
Weaknesses regarding the use of the SHA-1 hash algorithm for signatures have been known for several years. While there is currently a prohibition on the use of CA Private Keys to directly sign OCSP responses using SHA-1, Private Keys corresponding to OCSP delegated responders may still be used to sign OCSP responses using SHA-1. This ballot establishes a sunset date to prohibit delegated OCSP signing with the SHA-1 hash algorithm.

The following motion has been proposed by Corey Bonnell of DigiCert and endorsed by Ben Wilson of Mozilla and Bruce Morton of Entrust.
Motion Begins
This ballot modifies the "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" ("Baseline Requirements"), based on Version 1.8.0:
MODIFY the Baseline Requirements as specified in the following Redline:
https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...637c6959c35bbd93cc451f7b22dfb48ac4255b9f<https://scanmail.trustwave.com/?c=4062&d=pfzq4YJJZl-alND3s8dJJ7WhEEKEYvF_sh8_zw9HVA&s=5&u=https%3a%2f%2fnam10%2esafelinks%2eprotection%2eoutlook%2ecom%2f%3furl%3dhttps%253A%252F%252Fgithub%2ecom%252Fcabforum%252Fservercert%252Fcompare%252Fcda0f92ee70121fd5d692685b97ebb6669c74fb7%2e%2e%2e637c6959c35bbd93cc451f7b22dfb48ac4255b9f%26data%3d04%257C01%257Cbrittany%2540godaddy%2ecom%257C5964bbb929ee4da28b1c08d9d9ca0f11%257Cd5f1622b14a345a6b069003f8dc4851f%257C0%257C0%257C637780284133327224%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%26sdata%3d8MMANZGrQJe6C2WzzNaJSeol3jzPa7ZlJ73sJzXTNt4%253D%26reserved%3d0>
Motion Ends
This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:

Discussion (7+ days)
Start time: 2022-01-10 15:00:00 UTC
End time: 2022-01-17 15:00:00 UTC

Vote for approval (7 days)
Start time: 2022-01-17 15:00:00 UTC
End time: 2022-01-24 15:00:00 UTC

Thanks,
Corey
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20220124/6a855784/attachment.html>