Santosh Chokhani wrote:
> One would think we want to start using SHA-1 or even SHA256 (assuming
> client vendors implement SHA256 ASAP) and ask the CAs emanating from
> commercial roots to perform responsible I&A before issuing certificates.

Speaking of I&A, I found it interesting to note that the CA/Browser
Forum guidelines for EV certs allow (but recommend against) MD5 until
2010.
The spot check of EV issuers I did yesterday didn't turn up anyone
actually using MD5, but I didn't have all of 'em available.
-- Tim