On 2011-03-11, Chris Adams cmadams@hiwaay.net wrote:
Once upon a time, Petr Pisar ppisar@redhat.com said:
This year? In Europe we are over. All qualified CAs are forbidden to issue SHA-1 certificates since the beginning of 2010.
Cite?
There is a study ETSI TS 102 176-1 V2.0.0 (called `ALGO Paper') http://webapp.etsi.org/action/PU/20071120/ts_10217601v020000p.pdf by ETSI that recommends algorithms and their safety in time. Then each European country implements national standards. E.g. Czech Republic requires at least 2048b RSA with SHA-2 since 2010-01-01, the same applies to Germany or Slovakia.
Unfortunately, none of the documents I can find now are in English.
AFAIK American NIST states federal bureaus should stop using SHA-1 at the end of 2010 (except HMAC, KDF or RNG usages).
https://europa.eu/ uses SHA-1 on a cert issued in February 2010.
This is not a qualified (or more precisely system) certificate. This is a pure certificate you can buy from anyone without any legal implications.
-- Petr