On 2011-03-11, Chris Adams <cmadams@xxxxxxxxxx> wrote: > Once upon a time, Petr Pisar <ppisar@xxxxxxxxxx> said: >> This year? In Europe we are over. All quallified CA's are forbiden to >> issue SHA-1 certificates since begin of 2010. > > Cite? There is a study ETSI TS 102 176-1 V2.0.0 (called `ALGO Paper') <http://webapp.etsi.org/action/PU/20071120/ts_10217601v020000p.pdf> by ETSI that recommends algorithms and their safety in time. Then each European country implements national standards. E.g. Czech Republic requires at lest 2048b RSA with SHA-2 since 2010-01-01, the same applies to Germany or Slovakia. Unfortuntally none of documents I can find now are not in English. AFAIK American NIST states federal beaureus should stop to use SHA-1 at the end of 2010 (except HMAC, KDF or RNG usages). > https://europa.eu/ uses SHA-1 on a cert issued in February 2010. This is not a quallified (or more precisely system) certificate. This is pure certificate you can buy from any one without any legal implications. -- Petr -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
