RE: OCSP Responders Are An Attack Vector For SHA-1 Collisions

Wed, 09 Mar 2016 11:04:32 -0800 

> I know of one blocker: Microsoft. Their TechNet article at aka.ms/sha1 says 
> that CAs are allowed to use SHA-1 and SHA-2 for OCSP signing certs and OCSP 
> responses, to allow continued support for XP SP1 and 2, and Server 2003. 
> Using SHA-2 only for OCSP signing certs and OCSP responses will break those 
> platforms.
I don't think XP supports OCSP at all.                                    
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to