> I know of one blocker: Microsoft. Their TechNet article at aka.ms/sha1 says 
> that CAs are allowed to use SHA-1 and SHA-2 for OCSP signing certs and OCSP 
> responses, to allow continued support for XP SP1 and 2, and Server 2003. 
> Using SHA-2 only for OCSP signing certs and OCSP responses will break those 
> platforms.
I don't think XP supports OCSP at all.
