RE: SHA-1 S/MIME certificates

2016-04-04 Thread Jeremy Rowley
, 2016 4:55 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: SHA-1 S/MIME certificates On 01/04/2016 12:44, Varga Viktor wrote: > Hi, > > My replies are inline marked with *** > > regards, Viktor Varga / Netlock > > -Original Message- > From: dev-securi

Re: SHA-1 S/MIME certificates

2016-04-01 Thread Steve
cy [mailto:dev-security-policy-bounces+varga.viktor > =netlock...@lists.mozilla.org] On Behalf Of Jeremy Rowley > Sent: Wednesday, March 30, 2016 10:54 PM > To: Jakob Bohm <jb-mozi...@wisemo.com>; > mozilla-dev-security-pol...@lists.mozilla.org > Subject: RE: SHA-1 S/MIME certificate

RE: SHA-1 S/MIME certificates

2016-04-01 Thread Varga Viktor
;jb-mozi...@wisemo.com>; mozilla-dev-security-pol...@lists.mozilla.org Subject: RE: SHA-1 S/MIME certificates I think a required move away from SHA1 client certs requires a bit more planning. 1) There hasn't been a formal deprecation of all SHA-1 certificates in any root store policy. The

Re: SHA-1 S/MIME certificates

2016-03-31 Thread Charles Reiss
On 03/30/16 20:53, Jeremy Rowley wrote: > I think a required move away from SHA1 client certs requires a bit > more planning. > > 1) There hasn't been a formal deprecation of all SHA-1 certificates > in any root store policy. There has been a formal deprecation by the > CAB Forum of SHA1 server

Re: SHA-1 S/MIME certificates

2016-03-30 Thread Andrew R. Whalley
On Wed, Mar 30, 2016 at 2:23 PM, Kathleen Wilson wrote: > On 3/30/16 1:53 PM, Jeremy Rowley wrote: > >> I think a required move away from SHA1 client certs requires a bit more >> planning. >> >> 1) There hasn't been a formal deprecation of all SHA-1 certificates in >> any

Re: SHA-1 S/MIME certificates

2016-03-30 Thread Kathleen Wilson
On 3/30/16 1:53 PM, Jeremy Rowley wrote: I think a required move away from SHA1 client certs requires a bit more planning. 1) There hasn't been a formal deprecation of all SHA-1 certificates in any root store policy. There has been a formal deprecation by the CAB Forum of SHA1 server

Re: SHA-1 S/MIME certificates

2016-03-30 Thread Jakob Bohm
v-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert@lists.mozilla.org] On Behalf Of Jakob Bohm Sent: Wednesday, March 30, 2016 12:06 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: SHA-1 S/MIME certificates On 30/03/2016 18:49, Kathleen Wi

RE: SHA-1 S/MIME certificates

2016-03-30 Thread Jeremy Rowley
emy.rowley=digicert@lists.mozilla.org] On Behalf Of Jakob Bohm Sent: Wednesday, March 30, 2016 12:06 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: SHA-1 S/MIME certificates On 30/03/2016 18:49, Kathleen Wilson wrote: > All, > > In response to the 'March 2016

Re: SHA-1 S/MIME certificates

2016-03-30 Thread Jakob Bohm
1 S/MIME > certificates. Do we really have to stop issue after 2017? I will appreciate your thoughtful and constructive input into setting reasonable expectations for CAs in regards to SHA-1 S/MIME certificates. Thanks, Kathleen I would suggest the following minimum requirements: 1. Any 3rd

Re: SHA-1 S/MIME certificates

2016-03-30 Thread Kathleen Wilson
ificate Program will either expire or be revoked. ..." ACTION #1c is where CAs should provide information about their plans regarding SHA-1 S/MIME certificates, and any other types of SHA-1 certificates still being issued that chain up to the CA's included root certificates. I will greatly a

SHA-1 S/MIME certificates

2016-03-30 Thread Kathleen Wilson
All, In response to the 'March 2016 CA Communication' I received the following question from a CA. I think we should discuss it here, because I suspect there will be other CAs in this same situation. > We have a problem since we still issue SHA-1 S/MIME > certificates. Do we reall