IGTF time line statement on SHA-2 Secure Digest Mechanisms
Having consulted the major relying parties, the authority members, and the HASHRAT expert group, and based on the discussions at the APGridPMA, TAGPMA, and EUGridPMA, the following SHA-2 time line has now been endorsed by the IGTF.
If SHA-1 is broken, certificates based on SHA-1 must be revoked within the IGTF RAT-determined time line, which may be within one working day. (pending IGTF AHM)
In case of new SHA-1 vulnerabilities, the above schedule may be revised.
Until such a case is demonstrated, there may be exceptional cases in which a CA issues SHA-1 based certificates, with appropriate warnings and instructions to the subscriber.
SHA-224 is not to be used, as per the HASHRAT document. Note that SHA-384 does work, though (and in some or many cases is preferred over SHA-512 for compatibility reasons, as per https://bugzilla.mozilla.org/show_bug.cgi?id=1129083).
Comments to David Groep.