When India started using Digital Signatures after the ITA 2000 was enacted, CCA had approved MD5 algortithm for hashing. Susequently, MD5 was disaccredited and SHA-1 was being used as approved algorithms. Global developments now indicate that time has come for users to move from SHA-1 to SHA-2 since SHA-1 has either been already cracked or is about to be cracked.
Crypto experts inidcate that by end of Dec 2015, Chrome may start providing browser warnings and by 2016-17, both Chrome and Microsoft may discontinue acceptance of SHA-1 in the applications. This may result in SSL/TLS authentication certificates need to be replaced by websites.
If SHA-1 is unreliable for SSL-TLS, it should also be considered unreliable for the Indian Digital Signature system which carries the judicial weight for non repudiation.
We are already in 2015 and many digital signature users may be using a 2 year valid digital signature certificate which may overlap with the discontinuance of the SHA-1 certificates by the international community.
In order to preserve the sanctity of the Digital Signature system of India, it is necessary for CCA to take steps to migrate completely to SHA-2 which is already an approved system, by phasing out SHA-1 in time. Hopefully CA s are making necessary arrangements so that we are in tune with global security standards.
Naavi
