On 21/06/17 11:19, Phillip via Public wrote:
> Did I hear Gerv mention that there is a plan to remove SHA-1 from the
> S/MIME? Sounds difficult on my end.
>
> One of the major issues with S/MIME has been that there is no way to
> negotiate cipher suites in an async protocol.

Exactly how this would work remains to be worked out, but it might
involve the following steps:

* Publicly-trusted CAs stopping issuing SHA-1 email certs
* Clients no longer permitting the creation of emails using SHA-1 certs
* Clients warning about the receipt of emails signed using SHA-1 certs

I agree it will be a while before clients could refuse to decode emails
signed using SHA-1 certs, i.e. remove the algorithm from their codebases.

Gerv
