In PDF 2.0, SHA1 will be deprecated as hashing algorythm. Once PDF 2.0 comes out and Acrobat supports it, is the expected behaviour (success, warning or invalid) known regarding validation of signatures which contain components using sha1 ?? Will there be a configuration flag to "allow sha1" (like "allow expired tokens for timestamps"). Will this behaviour covers every PDF version ?
Different cases:
- certificate signed with sha1 applying a sha1 digital signature ?
- certificate signed with sha1 applying a sha256 signature ?
- what if everything is sha256 signed but a sha1 signed CRL is embedded in the signature ?
- what if everything is sha1 but a sha256 doc timestamp is applied ?
- what if the root CA (trusted anchor) is sha1 self signed ?
Thanks.
