On 03/06/14 01:42, Kathleen Wilson wrote:
> On 5/28/14, 5:17 PM, Kathleen Wilson wrote:
<snip>
>> I could create another spreadsheet for SubCAs that are in CRL/OCSP mode,
>> and it could have columns for
>> Name of SubCA (optional)
>> SubCA Cert's Issuer Hash
>> SubCA Cert's Issuer Public Key Hash
>> SubCA Cert Issuer Serial Number
>> Date of last cert issuance
>> Date of last cert expiration
<snip>
> I also added:
<snip>
> - For each subordinate CA certificate that is being phased out and
> is in 'CRL/OCSP only' mode, please provide the following information:
> Name of SubCA (optional), SubCA Cert Hash (SHA1),

Kathleen, you didn't previously mandate any particular hash algorithm.
Our disclosure page shows the SHA-256 hash of each Sub-CA certificate.
Is that acceptable, or do you want us to show the SHA-1 hash of each
Sub-CA certificate instead?

> SubCA Cert Key Id Hash (SHA1), SubCA Cert Subject Key Identifier,

These will be identical in the common case that the Subject Key
Identifier is generated using the method described in RFC5280 Section
4.2.1.2(1)...

  "The keyIdentifier is composed of the 160-bit SHA-1 hash of the
  value of the BIT STRING subjectPublicKey (excluding the tag,
  length, and number of unused bits)."

Or have I misunderstood what you meant by "SubCA Cert Key Id Hash"?

Thanks.

> SubCA Cert Serial Number,
> Date of Last Cert Issuance, Date of Last Cert Expiration.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
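
Added example, not part of the original message and not code from Mozilla or Comodo: it computes the RFC 5280 Section 4.2.1.2 method (1) key identifier from a SubjectPublicKeyInfo and checks whether a "Key Id Hash (SHA1)" column would simply repeat the certificate's Subject Key Identifier. It goes beyond the message by also deriving a method (2) identifier to show a case where the two columns differ. Assumptions: "Key Id Hash" means the SHA-1 of the public key bits, the function names are hypothetical, and the sample key bytes are constructed.

```python
import hashlib

def read_tlv(buf: bytes, off: int):
    """Read one DER TLV at off; return (tag, value, offset just past it)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                      # long form: next n octets hold the length
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[off:off + length], off + length

def public_key_bits(spki_der: bytes) -> bytes:
    """subjectPublicKey value without tag, length and unused-bits octet."""
    tag, body, end = read_tlv(spki_der, 0)
    if tag != 0x30 or end != len(spki_der):
        raise ValueError("not a single SubjectPublicKeyInfo SEQUENCE")
    tag, _alg, off = read_tlv(body, 0)     # AlgorithmIdentifier, skipped
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    tag, bits, end = read_tlv(body, off)   # subjectPublicKey BIT STRING
    if tag != 0x03 or end != len(body) or not bits or bits[0] != 0:
        raise ValueError("unexpected subjectPublicKey encoding")
    return bits[1:]                        # drop the unused-bits octet

def ski_method1(spki_der: bytes) -> bytes:
    """RFC 5280 4.2.1.2 (1): 160-bit SHA-1 of the key bits."""
    return hashlib.sha1(public_key_bits(spki_der)).digest()

def ski_method2(spki_der: bytes) -> bytes:
    """RFC 5280 4.2.1.2 (2): 0100 followed by the low 60 bits of that SHA-1."""
    tail = bytearray(ski_method1(spki_der)[-8:])
    tail[0] = 0x40 | (tail[0] & 0x0F)
    return bytes(tail)

def columns_identical(spki_der: bytes, ski_from_cert: bytes) -> bool:
    """True when the 'Key Id Hash (SHA1)' column would repeat the cert's SKI."""
    return ski_method1(spki_der) == ski_from_cert

# Constructed sample: Ed25519 SubjectPublicKeyInfo around 32 made-up key bytes.
SAMPLE_KEY = bytes(range(32))
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100") + SAMPLE_KEY
```

Hashing the whole SubjectPublicKeyInfo, or the BIT STRING with its unused-bits octet, gives a different value, which is a common reason a recomputed key hash fails to match the SKI in a certificate.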