[cabfpub] SHA1 Deprecation Ballot

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Wed Mar 12 16:36:33 MST 2014


On 03/12/2014 02:51 PM, From Doug Beattie:
>
> So, at this time, I’m in favor of:
>
> -Specifying shorter max validity periods for SHA-1 SSL certificates 
> (1-year starting Jan 2015?)
>
> -Setting end dates for the creation of any new Root and Subordinate 
> CAs with SHA-1
>
> -Defining clear messaging to the user community regarding SHA-1
>
> -Setting target dates for the next set of changes for improved 
> security/performance (RSA-4096/ECC/SHA-512/etc)
>
> I’m against:
>
> -Specifying an exact date at which no SHA-1 certificates can be issued 
> globally
>
> -Specifying the detailed legacy exceptions for using SHA-1 after the 
> sunset date
>

Here it starts again...this is exactly what I'm afraid of and thought we 
should avoid. I prefer an exact date binding for all, clear limits when 
and for how long.


Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20140313/1729e5d0/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6156 bytes
Desc: S/MIME Cryptographic Signature
Url : https://cabforum.org/pipermail/public/attachments/20140313/1729e5d0/attachment.bin 


More information about the Public mailing list