Hi, I have noted that a lot of arguments are being discussed regarding deprecation of SHA-1 certificates, both intermediate CA certificates and end-entity certificates.
However, we know SHA-2 is a set of algorithms: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256. Which SHA-2 algorithm should CAs use? It seems that most CAs who have a SHA-2 root certificate trusted in Mozilla products have chosen SHA-256. Do you know why not choose SHA-512, given that SHA-512 has stronger security strength than SHA-256?

Man Ho
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

