> On Feb 23, 2017, at 10:40 PM, Ryan Sleevi <[email protected]> wrote:
>
> On Thu, Feb 23, 2017 at 7:04 PM, [email protected] wrote:
> > If we are to lead, how about doing the obvious and setting a date by which
> > servers and browsers are advised to provide support for SHA-3?
>
> Hi Phillip,
>
> Could you point me to any IETF documents that describe or specify how CAs
> would generate such signatures?
>
> And can you point me to any HSM vendors that CAs might use to ensure that
> their private keys are appropriately protected when generating these
> signatures?
>
> I look forward to engaging with you on how we can move the industry forward,
> and I look forward to opportunities to learn about what efforts Comodo has
> put forward in this space, as well as opportunities for how we as a Forum can
> work together to address the necessary and obvious concerns before discussing
> dates.

I did try to get SHA-3 added to the CURDLE working group work items. And I was told that nobody was asking for it. Things have to break before some people will act.

Which is why I consider the proposal to further reduce validity intervals to provide more procrastination time positively harmful. The SHA-2 transition took a decade. We could have started five years earlier.

SHA-2 is a direct swap for SHA-3 however. All that is required is to define the necessary OIDs. And the CURDLE charter does not preclude SHA-3, it merely does not list them as current work items.

If we are going to judge proposals by the number of other industry players who support them, where does a proposal that only garners support of one other browser and one CA stand?

_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
