Revocation of SHA-1 subCAs
72 views
Skip to first unread message
Dimitris Zacharopoulos (HARICA)
Mar 12, 2026, 1:20:36 PM (10 days ago) Mar 12
to CA/B Forum Server Certificate WG Public Discussion List
I just noticed that the description I put in table 1.2.2:
| 2026-09-15 | 7.1.3.2.1 | Sunset all remaining use of SHA-1 in Certificates and CRLs. |
is not very descriptive of the requirement to revoke unexpired SHA-1 subCAs.
The actual requirement states:
Prior to 2026‐09‐15, the CA SHALL revoke any
unexpired Subordinate CA Certificate that contains RSASSA-PKCS1-v1_5
with SHA-1 within the Certificate.
I will update the description in the next BRs update to state:
| 2026-09-15 | 7.1.3.2.1 | Revoke any unexpired Subordinate CA Certificate that contains SHA-1 |
Please let me know if this description reflects the requirement better than the previous one.
Thanks,
Dimitris.
--
HARICA Public Key Infrastructure
Dimitris Zacharopoulos
PKI Manager
t : +30 2310 998483
www.harica.gr
HARICA Public Key Infrastructure
Dimitris Zacharopoulos
PKI Manager
t : +30 2310 998483
www.harica.gr
Martijn Katerbarg
Mar 12, 2026, 3:47:53 PM (10 days ago) Mar 12
to server...@groups.cabforum.org
Dimitris, both descriptions are correct though. Perhaps add your proposed line to the table, but also keep the existing one.
From: 'Dimitris Zacharopoulos (HARICA)' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Date: Thursday, 12 March 2026 at 18:20
To: CA/B Forum Server Certificate WG Public Discussion List <server...@groups.cabforum.org>
Subject: [Servercert-wg] Revocation of SHA-1 subCAs
Date: Thursday, 12 March 2026 at 18:20
To: CA/B Forum Server Certificate WG Public Discussion List <server...@groups.cabforum.org>
Subject: [Servercert-wg] Revocation of SHA-1 subCAs
This Message Is From an External Sender
This message came from outside your organization.
--
You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/9e8d341e-c538-44ae-8032-6ef9b8b57338%40harica.gr.
You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/9e8d341e-c538-44ae-8032-6ef9b8b57338%40harica.gr.
Dimitris Zacharopoulos
Mar 12, 2026, 6:53:44 PM (10 days ago) Mar 12
to 'Martijn Katerbarg' via Server Certificate WG (CA/B Forum)
Sounds good, thanks!
DZ.
Mar 12, 2026 14:47:59 'Martijn Katerbarg' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>:
Reply all
Reply to author
Forward
0 new messages