For the sake of completeness: Let's Encrypt / ISRG does not sign SHA-1 hashes for any purpose, and would be amenable to any sunset date.
We do accept signatures over SHA-1 hashes of CSRs provided by subscribers, and of course accept SHA-1 hashes for the issuerKeyHash and issuerNameHash in OCSP requests, but those are not relevant to this proposal. Aaron On Tuesday, February 1, 2022 at 7:59:37 PM UTC-8 [email protected] wrote: > I have emailed CAs in the Mozilla program asking them to respond here. > > On Wed, Jan 26, 2022 at 12:41 PM Ryan Sleevi <[email protected]> wrote: > >> >> >> On Wed, Jan 26, 2022 at 2:00 PM Ben Wilson <[email protected]> wrote: >> >>> See responses inline below. >>> >>> On Tue, Jan 25, 2022 at 11:12 PM Ryan Sleevi <[email protected]> wrote: >>> >>>> It’s not clear: what situations make it appropriate for a CA >>>> communication, versus discussion here? >>>> >>> >>> Yes. It is preferable that discussion take place here. However, a >>> survey would still be public, as they have been in the past, and the CCADB >>> would collect all of the responses in a table format. >>> >> >> Oh, for sure :) I just know that the surveys have historically had delays >> or had confusion by CAs in interpreting questions, and the survey approach >> somewhat predates the m.d.s.p. participation requirement. I totally realize >> that it has benefits for bringing direct awareness, but I raise it to try >> and understand if the expectation is to always have the two parallel paths >> for soliciting feedback, or if it might just be sufficient to email blast >> CAs to say "Hey, here's the discussion, to send feedback, please >> participate here". That, I think, might achieve the goal of highlighting >> the importance, while still centralizing some of the conversation :) Just a >> thought >> >> -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/4cc08002-fd67-4db9-859e-8b20365e4d11n%40mozilla.org.
