[cabfpub] FW: Ballot - expiration of SHA1 certificates
Eddy Nigg
eddy_nigg at startcom.org
Mon Sep 8 14:45:32 MST 2014
On 09/08/2014 03:24 PM, Erwann Abalea wrote:
> The problem with SHA1 is its low collision resistance. It's a problem
> with signed objects if the applicant can be hostile (certificate
> request, signed document, timestamp, ...). A subordinate CA, if owned
> and operated by the same entity as the issuing CA, isn't hostile.
Exactly! I think this would go too far especially for transitioning
subscribers. At a future point that requirement could be set with a date
further out.
--
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20140909/7e027198/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4553 bytes
Desc: S/MIME Cryptographic Signature
Url : https://cabforum.org/pipermail/public/attachments/20140909/7e027198/attachment.bin
More information about the Public
mailing list