CA/Communications: Difference between revisions

CA/Communications (view source)

Revision as of 18:23, 2 February 2022

1,216 bytes added , 2 February 2022

Added Feb 2022 CA Communication

Bwilson

Confirmed users

377

edits

@@ Line 1: / Line 1: @@
 The following are communications that have been sent to Certification Authorities participating in [[CA | Mozilla's root program.]] If you have questions regarding these communications, please first review related discussions in the mozilla.dev.security.policy forum. If your questions cannot be answered in that forum, then please send email to certificates@mozilla.org.
+== February 2022 CA Communication ==
+Dear Certification Authority,
+Mozilla is engaged in policy review discussions to sunset the use of SHA1 for signing by CAs of CRLs, OCSP responses, and SMIME certificates.
+See https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/CnVjV-bFcyI/m/TFuWOy2BAwAJ
+(Server certificate signing is governed by the Baseline Requirements, and effective June 1, 2022, OCSP responses related to server certificates cannot be signed with SHA1.)
+One proposal is to remove SHA1 from the list of allowed signing algorithms altogether, but before we do this, I would like your proposed sunset dates for the different types of SHA1 signing you might currently perform--SMIME certificates, ARLs/CRLs, and OCSP responses for SMIME certificates.
+Please participate in this important topic, which is already underway on the Mozilla dev-security-policy list. Let us know about your specific concerns and hurdles that would need to be overcome.
+(Some CAs have expressed willingness to quickly convert over to SHA256, while others have expressed that it is not a simple task and will require additional development work.)
+Thanks,
+Ben Wilson (bwilson@mozilla.com)
+Mozilla Root Store Program
 == April 2021 CA Communication ==

CA/Communications: Difference between revisions

CA/Communications (view source)

Revision as of 18:23, 2 February 2022

Navigation menu

Search