[cabfpub] SHA-1 Collision Found
Ryan Sleevi
sleevi at google.com
Fri Feb 24 19:14:20 UTC 2017
On Fri, Feb 24, 2017 at 9:58 AM, philliph at comodo.com <philliph at comodo.com>
wrote:
>
> Well as it happens, that is not a problem.
>
> * There is a set of FIPS requirements and testing regimes etc. for SHA-3
> * There are HSMs that have met those requirements.
>
> What is a concern related to HSMs is that the transition is widely
> supported so CAs do not have to make major changes to their infrastructure
> or change suppliers or use different hardware for SHA-3 certificates.
>
> The availability of HSMs is a concern but it is actually the very last but
> one on the critical path which is at present
>
> * NIST issues FIPS (done)
> * IETF publishes specification (started on this)
> * CABForum amends guidelines to permit use
> * Browsers add support
> * HSM vendors ship product
> * CAs issue certificates.
>
As indicated before, I believe you have critically misordered these
requirements, which may be the source of our disagreement. I do not expect
you to agree, but I hope you can understand why, from my perspective, the
order is:
* NIST issues FIPS (done)
* IETF publishes specification (started on this)
* HSM vendors ship product
* CABForum amends guidelines to permit use
* Browsers add support
* CAs issue certificates.
That is, I see the HSM discussion happening in parallel to permitting, but
I see both as blocking for browsers adding support.
> The issue is irrelevant.
>
We will disagree, then, and given the remainder of the mail, it's perhaps
best that you and I stop talking about this, as we recognize our
disagreement.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170224/a9fa4968/attachment-0003.html>
More information about the Public
mailing list