Hello, This is Cybertrust Japan. One of our root CAs uses SHA-1 for CRL signing. But we would like to sunset the use of SHA1. In fact, our plan is to retire this SHA-1 Root of SecureSign Root11 and replace it with its successors. So we are preparing root inclusion requests.
Best, Mo 2022年2月3日木曜日 2:35:58 UTC+9 [email protected]: > For the sake of completeness: Let's Encrypt / ISRG does not sign SHA-1 > hashes for any purpose, and would be amenable to any sunset date. > > We do accept signatures over SHA-1 hashes of CSRs provided by subscribers, > and of course accept SHA-1 hashes for the issuerKeyHash and issuerNameHash > in OCSP requests, but those are not relevant to this proposal. > > Aaron > > On Tuesday, February 1, 2022 at 7:59:37 PM UTC-8 [email protected] wrote: > >> I have emailed CAs in the Mozilla program asking them to respond here. >> >> On Wed, Jan 26, 2022 at 12:41 PM Ryan Sleevi <[email protected]> wrote: >> >>> >>> >>> On Wed, Jan 26, 2022 at 2:00 PM Ben Wilson <[email protected]> wrote: >>> >>>> See responses inline below. >>>> >>>> On Tue, Jan 25, 2022 at 11:12 PM Ryan Sleevi <[email protected]> wrote: >>>> >>>>> It’s not clear: what situations make it appropriate for a CA >>>>> communication, versus discussion here? >>>>> >>>> >>>> Yes. It is preferable that discussion take place here. However, a >>>> survey would still be public, as they have been in the past, and the CCADB >>>> would collect all of the responses in a table format. >>>> >>> >>> Oh, for sure :) I just know that the surveys have historically had >>> delays or had confusion by CAs in interpreting questions, and the survey >>> approach somewhat predates the m.d.s.p. participation requirement. I >>> totally realize that it has benefits for bringing direct awareness, but I >>> raise it to try and understand if the expectation is to always have the two >>> parallel paths for soliciting feedback, or if it might just be sufficient >>> to email blast CAs to say "Hey, here's the discussion, to send feedback, >>> please participate here". That, I think, might achieve the goal of >>> highlighting the importance, while still centralizing some of the >>> conversation :) Just a thought >>> >>> -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/3580f530-cfb0-4553-8395-5bdd2757f4ecn%40mozilla.org.
