Tags:
create new tag
view all tags
Now
  • CA certificates in the IGTF distribution and CRLs at official distribution points should use SHA-1
  • CAs should issue SHA-1 end entity certificates by default
  • CAs may issue SHA-2 (SHA-256 or SHA-512) end entity certificates on request. CAs may publish SHA-2 (SHA-256 or SHA-512) CRLs at alternate distribution point URLs
1 December 2013
1 October 2013
  • CAs should begin to phase out issuance of SHA-1 end entity certificates
  • CAs should issue SHA-2 (SHA-256 or SHA-512) end entity certificates by default
1 April 2014
  • New CA certificates should use SHA-2 (SHA-512)
  • Existing intermediate CA certificates should be re-issued using SHA-2 (SHA-512)
  • Existing root CA certificates may continue to use SHA-1
1 October 2014
  • CAs may begin to publish SHA-2 (SHA-256 or SHA-512) CRLs at their official distribution points.
1 February 2015
1 December 2014
  • All issued SHA-1 end entity certificates should be expired or revoked.
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2013-11-06 - KanBowen
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback