, 2016 4:55 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: SHA-1 S/MIME certificates
On 01/04/2016 12:44, Varga Viktor wrote:
> Hi,
>
> My replies are inline marked with ***
>
> regards, Viktor Varga / Netlock
>
> -Original Message-
> From: dev-securi
cy [mailto:dev-security-policy-bounces+varga.viktor
> =netlock...@lists.mozilla.org] On Behalf Of Jeremy Rowley
> Sent: Wednesday, March 30, 2016 10:54 PM
> To: Jakob Bohm <jb-mozi...@wisemo.com>;
> mozilla-dev-security-pol...@lists.mozilla.org
> Subject: RE: SHA-1 S/MIME certificate
;jb-mozi...@wisemo.com>;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: RE: SHA-1 S/MIME certificates
I think a required move away from SHA1 client certs requires a bit more
planning.
1) There hasn't been a formal deprecation of all SHA-1 certificates in any root
store policy. The
On 03/30/16 20:53, Jeremy Rowley wrote:
> I think a required move away from SHA1 client certs requires a bit
> more planning.
>
> 1) There hasn't been a formal deprecation of all SHA-1 certificates
> in any root store policy. There has been a formal deprecation by the
> CAB Forum of SHA1 server
On Wed, Mar 30, 2016 at 2:23 PM, Kathleen Wilson
wrote:
> On 3/30/16 1:53 PM, Jeremy Rowley wrote:
>
>> I think a required move away from SHA1 client certs requires a bit more
>> planning.
>>
>> 1) There hasn't been a formal deprecation of all SHA-1 certificates in
>> any
On 3/30/16 1:53 PM, Jeremy Rowley wrote:
I think a required move away from SHA1 client certs requires a bit more
planning.
1) There hasn't been a formal deprecation of all SHA-1 certificates in any root
store policy. There has been a formal deprecation by the CAB Forum of SHA1
server
v-security-policy
[mailto:dev-security-policy-bounces+jeremy.rowley=digicert@lists.mozilla.org]
On Behalf Of Jakob Bohm
Sent: Wednesday, March 30, 2016 12:06 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: SHA-1 S/MIME certificates
On 30/03/2016 18:49, Kathleen Wi
emy.rowley=digicert@lists.mozilla.org]
On Behalf Of Jakob Bohm
Sent: Wednesday, March 30, 2016 12:06 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: SHA-1 S/MIME certificates
On 30/03/2016 18:49, Kathleen Wilson wrote:
> All,
>
> In response to the 'March 2016
1 S/MIME
> certificates. Do we really have to stop issue after 2017?
I will appreciate your thoughtful and constructive input into setting
reasonable expectations for CAs in regards to SHA-1 S/MIME certificates.
Thanks,
Kathleen
I would suggest the following minimum requirements:
1. Any 3rd
ificate Program will either expire or be revoked. ..."
ACTION #1c is where CAs should provide information about their plans regarding
SHA-1 S/MIME certificates, and any other types of SHA-1 certificates still
being issued that chain up to the CA's included root certificates.
I will greatly a
All,
In response to the 'March 2016 CA Communication' I received the
following question from a CA. I think we should discuss it here, because
I suspect there will be other CAs in this same situation.
> We have a problem since we still issue SHA-1 S/MIME
> certificates. Do we reall
11 matches
Mail list logo