[cabfpub] LV Certificates

Jeremy Rowley jeremy.rowley at digicert.com
Fri Dec 18 15:21:34 MST 2015

Hi everyone,

Attached is a proposal from Cloudflare and Facebook creating LV certificates in the baseline requirements.  This is a draft ballot for review that will, of course, change based on the debate in the forum. Although CAs will stop issuing SHA-1 on 2016/1/1, there isn't any reason these changes couldn't go into effect in early January (assuming a passing vote).

If adopted, this ballot would permit continued use of SHA1 certificates past the deprecation deadline (to support older devices) but give newer browsers an easy way to reject SHA1 for users.  The ballot also increases the resiliency of SHA1 certs against attacks by requiring higher entropy serial numbers.

I look forward to your comments.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20151218/1bf5ecbe/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: DRAFT_LV_BallotProposal.pdf
Type: application/pdf
Size: 90421 bytes
Desc: DRAFT_LV_BallotProposal.pdf
Url : https://cabforum.org/pipermail/public/attachments/20151218/1bf5ecbe/attachment-0001.pdf 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: DRAFT_LV_BallotProposal.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 19426 bytes
Desc: DRAFT_LV_BallotProposal.docx
Url : https://cabforum.org/pipermail/public/attachments/20151218/1bf5ecbe/attachment-0001.bin 

More information about the Public mailing list