[cabfpub] SHA-1 Collision Found

Gervase Markham gerv at mozilla.org
Fri Feb 24 18:34:57 UTC 2017

Hi Philip,

This is a useful timeline. It may be missing a few items, though:

On 24/02/17 09:58, philliph--- via Public wrote:
> The availability of HSMs is a concern but it is actually the very last
> but one on the critical path which is at present
> * NIST issues FIPS (done)
> * IETF publishes specification (started on this)
> * CABForum amends guidelines to permit use

* OS vendors and crypto libraries add support

> * Browsers add support
> * HSM vendors ship product
> * CAs issue certificates.

There is also another item: "Root store policies amended to permit use".
However, where that goes and where the CAB Forum item goes is flexible;
both have to happen before "CAs issue certificates" but they don't
necessarily have to happen earlier than that. Having said that, I can
see a case for a CAB Forum "motion of intent" to set direction. What
algorithms other than SHA-3 would we want to include in such a motion?


More information about the Public mailing list