Santosh Chokhani wrote:
One would think we want to start using SHA-1 or even SHA256 (assuming client vendors implement SHA256 ASAP) and ask the CAs emanating from commercial roots to perform responsible I&A before issuing certificates.
Speaking of I&A, I found it interesting to note that the CA/Browser forum guidelines for EV certs allows (but recommends against) MD5 until 2010.
The spot check of EV issuers I did yesterday didn't turn up anyone actually using MD5, but I didn't have all of 'em available.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature