On Wed, Jan 08, 2014 at 01:36:48PM +0100, Mathias Tausig wrote: > On Wednesday 08. January 2014 12:33:56 Kurt Roeckx wrote: > > I'm not convinced there is a need for the CA certificates themselves to > > start using SHA-2. I think the only thing we care about for those is > > a preimage attack. SHA-1 still provides 160 bit of security for that. > > > > Microsoft requires in its SHA1 deprecation policy, to have SHA-2 based > intermediate certificates, so it will be a necessity anyway.
Right, the root CAs can stay as they are but the intermediates need to change to SHA-2 according to Microsoft's policy. Anyway, for 2048 bit certificates SHA-256 should be fine. For 4096 bit you can argue if SHA-256 is fine or that you should go to SHA-384. But I don't see the need for SHA-384 for intermediates. Kurt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
