On 12/01/17 19:06, Doug Beattie wrote:
> Is there a provision for signing SHA-1 OCSP signing certificates?
> Perhaps this is covered in #1, but specifically allowing SHA-1 OCSP
> Signing certificates (under SHA-1 CAs which have active SHA-1 TLS
> certificates) would be a good idea for clarity.

It is covered in #1. Do you see a problem?

> For #2:
> - Can roots issue SHA-1 signed certificates? You seem to
> preclude this, but of course we need that for OCSP signing certs.

You suggest changing to "the issuing intermediate or root"?

> What if the Intermediate (or root if you permit that) does not have
> an EKU, can that be used to sign certificates? I'm guessing most
> older intermediate CAs don't have EKU, so this means most SHA-1 CAs
> can be used to issue certificates (I'm not sure if this was your
> intent).

You mean "can't be used"? That is the intent, but the new clause about signing hashes over issuing intermediates is there to allow such certs to be replaced with a new cert which is identical but which has an EKU.

But actually, that doesn't help, does it, because an attacker could just use the old version. I guess we also need to require key rotation?

> Why can't CAs sign Precertificates?

Well, certs going into CT are under the BRs anyway, so in what circumstances would you want to and be allowed to do this by existing policy anyway?

Gerv

_______________________________________________
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public
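The reissue-without-rotation concern raised above (an EKU-less certificate for the same key stays usable after an EKU-bearing replacement is issued), as an added example that is not part of this thread or of any CA/B Forum tooling: a Python check over constructed CA certificate records that groups certificates by public key and flags keys where a still-valid certificate without an EKU sits beside an EKU-bearing replacement. The record fields and the sample certificates are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import date


@dataclass
class CaCert:
    """Constructed, minimal view of an intermediate CA certificate (assumed fields)."""
    name: str
    spki_fingerprint: str   # hash of SubjectPublicKeyInfo: same key -> same value
    sig_hash: str           # hash used in the issuer's signature, e.g. "sha1"
    eku: tuple = field(default_factory=tuple)   # empty tuple = no EKU extension
    not_after: date = date(2030, 1, 1)
    revoked: bool = False


def unconstrained_siblings(certs, today):
    """Return {key_fingerprint: [names]} for keys that carry an EKU-bearing
    certificate while an unexpired, unrevoked certificate WITHOUT an EKU still
    exists for the same key. EKU is a property of the certificate, not the key,
    so a relying party can still build a chain through the old certificate
    unless the key itself is rotated (or the old certificate is revoked)."""
    by_key = {}
    for c in certs:
        by_key.setdefault(c.spki_fingerprint, []).append(c)
    findings = {}
    for key, group in by_key.items():
        live_no_eku = [c for c in group
                       if not c.eku and not c.revoked and c.not_after > today]
        has_eku = any(c.eku for c in group)
        if has_eku and live_no_eku:
            findings[key] = sorted(c.name for c in live_no_eku)
    return findings


# Constructed sample: key-A was re-certified with an EKU but not rotated;
# key-B was rotated; key-C's old EKU-less certificate has already expired.
SAMPLE_CERTS = [
    CaCert("Old SHA-1 Intermediate", "key-A", "sha1"),
    CaCert("Reissued Intermediate (EKU added)", "key-A", "sha1",
           eku=("serverAuth", "OCSPSigning")),
    CaCert("Rotated Intermediate", "key-B", "sha256", eku=("serverAuth",)),
    CaCert("Expired old cert", "key-C", "sha1", not_after=date(2016, 1, 1)),
    CaCert("Replacement for key-C", "key-C", "sha256", eku=("serverAuth",)),
]


def sample_findings():
    """Run the check on the constructed sample as of the thread's date."""
    return unconstrained_siblings(SAMPLE_CERTS, date(2017, 12, 1))


if __name__ == "__main__":
    for key, names in sample_findings().items():
        print(f"{key}: EKU-less certificate(s) still valid: {', '.join(names)}")
```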