This discussion started in the CA/Browser Forum public list; I'm moving it here at Gerv's suggestion.
Mozilla recently posted its SHA-1 policy here: https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/. This blog is helpful, but not complete since it doesn't mention OCSP responses or CRLs. Firefox doesn't check CRLs, but Mozilla will rely on CRLs for OneCRL. Firefox still checks OCSP responses in many cases, stapled or not. Many CAs already sign CRLs and OCSP responses with SHA-2, so that's not what I'm concerned about. I know Firefox and other Mozilla projects can handle SHA-2 CRLs and OCSP responses. I'm concerned about the special case of SHA-1 roots. Currently, I bet all CAs are signing (with SHA-1) CRLs and OCSP responses for certs issued by those roots, and at some point we need to switch to signing those items using SHA-2. We may not want to do that too early, because that will negatively affect clients that don't support SHA-2. And we'd like to be sure that there's no assumptions built in to any relying party software that a SHA-1 CA will always sign a CRL or OCSP response with SHA-1. So I'm hoping someone can confirm that Mozilla components (Firefox and/or NSS, whatever consumes CRLs for OneCRL, etc.) handle this special case correctly. It would also be helpful to know which version of Firefox first supported SHA-2. Thanks in advance. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
