Hi Kathleen.

"Certificate ID" seems like entirely the wrong name for this field,
given that it [SHA-256(der(subject) + der(spki))] doesn't actually
identify a unique certificate! Indeed, the whole point of having this
field seems to be to identify _multiple_ related certificates.

Why not call it "SHA-256(Subject + SPKI)" instead?

On 26/09/16 18:01, Kathleen Wilson wrote:
>> Summary of changes:
>>
>> - 'Signature Hash Algorithm' will have new drop down list: md2WithRSAEncryption, md5WithRSAEncryption, sha1WithRSAEncryption, sha256WithRSAEncryption, sha384WithRSAEncryption, sha512WithRSAEncryption, ecdsaWithSHA256, ecdsaWithSHA384, ecdsaWithSHA521
>> - 'Public Key Algorithm' will have new drop down list: RSA 1024 bits, RSA 2048 bits, RSA 4096 bits, EC secp256r1, EC secp384r1, EC secp521r1
>> - 'Signature Algorithm' & 'Signing Key Parameters' will be deprecated
>> - 'Certificate ID', a new field, will be added and auto populated. It identifies the same logical certificate in different CA Hierarchies. SHA-256(der(subject) + der(spki)).
>> - 'Certificate Serial number' new field on root page will be added and auto populated
>> - 'CRL URL(s)' will be populated by URLs ending with .crl only
>> - Minor rearrangements of fields will be made to root and intermediate page layouts
>> - A batch process will re-run PEM->JSON tool for all intermediate certs and populate PEM fields
>> - Another batch process will add PEM info to root certs and all PEM fields will be populated by the values returned by x509certChecker utility (PEM->JSON)
>> - 'Add/Update PEM info' button will be made available to root store managers who have write-access (currently only Mozilla and Microsoft)
>
> The changes listed above have been completed.
>
>
>> - Reports which use 'Signature Algorithm'/ 'Signing Key Parameters' will show the new fields instead.
>> - CSV Reports which use 'Signature Algorithm'/ 'Signing Key Parameters' will show the new fields instead.
>
>
> The reports are still being updated. Some additional changes to the reports:
> - Replacing SHA1 Fingerprint with SHA256 Fingerprint
> - Adding Cert Serial Number and CertID
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
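
Added example, not part of the original message or of any CCADB code: a standard-library sketch that extracts the subject and SubjectPublicKeyInfo from a DER certificate and computes SHA-256(der(subject) + der(spki)), showing that two different certificates with the same subject and key get the same value. The function names, the CA names and the certificates themselves are constructed for illustration (placeholder algorithm, key and signature bytes, not verifiable certificates).

```python
import hashlib

def tlv(tag, body):
    """DER-encode one element with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def span(buf, pos):
    """Return (content_start, end) of the DER element starting at pos."""
    first = buf[pos + 1]
    if first < 0x80:
        return pos + 2, pos + 2 + first
    start = pos + 2 + (first & 0x7F)
    return start, start + int.from_bytes(buf[pos + 2:start], "big")

def children(buf):
    """Split a constructed element into the full encodings of its members."""
    pos, end = span(buf, 0)
    out = []
    while pos < end:
        nxt = span(buf, pos)[1]
        out.append(buf[pos:nxt])
        pos = nxt
    return out

def subject_spki_hash(cert_der):
    """SHA-256(der(subject) + der(spki)), the value discussed in the thread."""
    fields = children(children(cert_der)[0])   # members of TBSCertificate
    if fields[0][0] == 0xA0:                    # skip the optional [0] version
        fields = fields[1:]
    subject, spki = fields[4], fields[5]        # after serial, sigalg, issuer, validity
    return hashlib.sha256(subject + spki).hexdigest()

def fingerprint(cert_der):
    """SHA-256 over the whole certificate: unique per certificate."""
    return hashlib.sha256(cert_der).hexdigest()

# Constructed sample data below: placeholder key and signature bytes.
ALG = tlv(0x30, bytes.fromhex("06082a8648ce3d040302"))       # ecdsa-with-SHA256 OID
VALIDITY = tlv(0x30, tlv(0x17, b"160101000000Z") + tlv(0x17, b"260101000000Z"))
SPKI = tlv(0x30, ALG + tlv(0x03, b"\x00\x04" + bytes(64)))   # placeholder algorithm and key

def name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, cn.encode()))))

def make_cert(issuer_cn, serial, subject_cn):
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + ALG + name(issuer_cn) + VALIDITY + name(subject_cn) + SPKI)
    return tlv(0x30, tbs + ALG + tlv(0x03, b"\x00" + bytes(8)))

ROOT = make_cert("Example CA", 1, "Example CA")              # self-issued form
CROSS = make_cert("Other Hierarchy Root", 2, "Example CA")   # same subject and key, other issuer
UNRELATED = make_cert("Example CA", 3, "Different CA")       # different subject
```

ROOT and CROSS have different fingerprints but the same subject + SPKI hash, which is the "multiple related certificates" behaviour the reply points out.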