My general sense is that we should be doing more to discourage the use of SHA-1 rather than less. I've just filed an issue [1] to consider a ban on SHA-1 S/MIME certificates in the future.

On Mon, Mar 25, 2019 at 10:54 AM Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> As for myself and my company, we switched to a non-Symantec CA for these
> services before the general SHA-1 deprecation and thus the CA we use can
> continue to update relevant intermediary CAs using the exception to
> extend the lifetime of historic issuing CAs. However it would probably
> be more secure (less danger to users) if CAs routinely issued
> sequentially named new issuing CAs for these purposes at regular
> intervals (perhaps annually), however this is against current Mozilla
> Policy if the root is still in the Mozilla program (as an anchor for
> SHA2 WebPKI or e-mail certs).

I do acknowledge the legacy issue that Jakob points out, but given that it hasn't come up before, I question if it is a problem that we need to address. I would be interested to hear from others who have a need to issue new SHA-1 subordinate CA certificates for uses beyond the scope of the BRs. We could consider a loosening of the section 5.1.1 requirements on intermediates, but I am concerned about creating loopholes and about contradicting the BRs (which explicitly ban SHA-1 OCSP signing certificates in section 7.1.3).

- Wayne

[1] https://github.com/mozilla/pkipolicy/issues/178