Please require SHA256 usage for OCSP responses for issuer Name and Key hashes

[xnox]

Current requirements:

OCSP responders operated by the CA SHALL support the HTTP GET method, as described in RFC 6960 and/or RFC 5019. The CA MAY process the Nonce extension (1.3.6.1.5.5.7.48.1.2) in accordance with RFC 8954.

RFC 6960 supports different hashes.
RFC 5019 requires SHA1.

In anticipation of https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc5019bis/ getting published please consider starting a ballot to require SHA256 to be used instead of SHA1.

[github-actions]

This issue was created based on:

• TLS BR Version 2.1.7
• EVG Version 2.0.1

[clintwilson]

Thank you!
I'm very closely monitoring the publication of this draft and will be proposing a ballot to require SHA256 as soon as possible after the document is published.