> I know of one blocker: Microsoft. Their TechNet article at aka.ms/sha1 says > that CAs are allowed to use SHA-1 and SHA-2 for OCSP signing certs and OCSP > responses, to allow continued support for XP SP1 and 2, and Server 2003. > Using SHA-2 only for OCSP signing certs and OCSP responses will break those > platforms. I don't think XP supports OCSP at all. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
- OCSP Responders Are An Attack Vector For SHA-1 Colli... Andrew Ayer
- Re: OCSP Responders Are An Attack Vector For SH... Richard Barnes
- RE: OCSP Responders Are An Attack Vector For SH... Mads Egil Henriksveen
- Re: OCSP Responders Are An Attack Vector For SH... Rick Andrews
- RE: OCSP Responders Are An Attack Vector Fo... Yuhong Bao
- Re: OCSP Responders Are An Attack Vecto... Rob Stradling
- Re: OCSP Responders Are An Attack Vector Fo... Jakob Bohm
- RE: OCSP Responders Are An Attack Vecto... Peter Gutmann
- Re: OCSP Responders Are An Attack Vecto... Peter Bowen
- Re: OCSP Responders Are An Attack Vecto... Jakob Bohm
- Re: OCSP Responders Are An Attack Vecto... Andrew Ayer
- RE: [FORGED] Re: OCSP Responders Ar... Peter Gutmann
- Re: OCSP Responders Are An Att... Andrew Ayer
- Re: OCSP Responders Are An Attack Vector For SH... Andrew Ayer
- OCSP Responders Are An Attack Vector For SHA-1 ... Erwann Abalea