[cabfpub] Allowing SHA-1 OCSP and CRL signatures past 2016
Ryan Sleevi
sleevi at google.com
Sat Oct 22 01:20:04 UTC 2016
On Fri, Oct 21, 2016 at 4:51 PM, Wayne Thayer via Public <
public at cabforum.org> wrote:
> This is already part of the Microsoft policy:
>
>
>
> *4(A).17 - A CA must either technically constrain an OCSP responder such
> that the only EKU allowed is OCSP Signing or it must not use SHA-1 to sign
> OCSP responses.*
>
>
>
> Are there objections to modifying section 7.1.3 to align with Microsoft’s
> policy?
>
This sounds perfectly reasonable.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20161021/e193cc22/attachment-0003.html>
More information about the Public
mailing list