> -----Original Message-----
> On 1/9/09 12:51 PM, Johnathan Nightingale wrote:
>
> > - Do the work to arm ourselves so that when we are confident pulling
> > the trigger, we can actually do so with minimal changes (in case it
> > happens in a point release, for instance)
> > - Establish our feelings around how much of the net we are comfortable
> > invalidating if we kill an algorithm
> > - Establish a timeline we think is compatible with that
>
> Benjamin Smedberg wrote:
> Is it possible to disable the MD5 algorithm for EV certificate chains
> sooner than for regular (DV) certificate chains? Or even disable SHA1 for
> EV chains and require SHA-256?
>
MD5 is already not an option for EV SSL certs. The only place MD5 is permitted is in the (EV) root certificate, and (as has been written about recently on dev-tech-crypto) the trust anchor is protected by other means than its signature.

Regards
Robin