[cabfpub] Ballot 118 - SHA1 Sunset

[Adam Langley]

On Tue, Oct 28, 2014 at 10:37 AM, Rick Andrews
<Rick_Andrews at symantec.com> wrote:
> Firefox and Chromium do not check CRLs, but Google parses some CRLs to build
> its CRLSets, and Mozilla plans to do something similar with OneCRL. So both
> companies rely on CRLs, and it would be helpful to know that switching the
> CRL for a SHA-1 root from SHA-1 to SHA-2 will not cause any problems.

SHA-256 signed CRLs are fine for CRLSet generation.


Cheers

AGL