Updating SSL keys on fedoraproject.org 2011-03-10
Petr Pisar
ppisar at redhat.com
Mon Mar 14 15:32:30 UTC 2011
On 2011-03-11, Chris Adams <cmadams at hiwaay.net> wrote:
> Once upon a time, Petr Pisar <ppisar at redhat.com> said:
>> This year? In Europe we are over. All quallified CA's are forbiden to
>> issue SHA-1 certificates since begin of 2010.
>
> Cite?
There is a study ETSI TS 102 176-1 V2.0.0 (called `ALGO Paper')
<http://webapp.etsi.org/action/PU/20071120/ts_10217601v020000p.pdf> by
ETSI that recommends algorithms and their safety in time. Then each
European country implements national standards. E.g. Czech Republic
requires at lest 2048b RSA with SHA-2 since 2010-01-01, the same applies
to Germany or Slovakia.
Unfortuntally none of documents I can find now are not in English.
AFAIK American NIST states federal beaureus should stop to use SHA-1 at
the end of 2010 (except HMAC, KDF or RNG usages).
> https://europa.eu/ uses SHA-1 on a cert issued in February 2010.
This is not a quallified (or more precisely system) certificate. This is
pure certificate you can buy from any one without any legal implications.
-- Petr
More information about the devel
mailing list