[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The SHA1 sunset
|
From: |
James Cloos |
|
Subject: |
Re: The SHA1 sunset |
|
Date: |
Mon, 04 Jan 2016 18:04:02 -0500 |
|
User-agent: |
Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.1.50 (gnu/linux) |
>>>>> "LMI" == Lars Magne Ingebrigtsen <address@hidden> writes:
LMI> Other browser makers have announced their intention to refuse to make
LMI> any TLS connection using SHA1-signed certificates on January 1st, but
LMI> I'm not sure whether they actually went through with this?
No, they are rejecting and cert which uses sha1 and claims to have been
issued after 2016-01-01T00:00:00.
The latter part is important.
The commercial CAs have agreed not to issue any sha1 certs starting on
that date, so the refusal does not affect anything using mainstream
commercial certs.
So the browser vendors are not doing anything of actual value, just
engaging in some theatre.
-JimC
--
James Cloos <address@hidden> OpenPGP: 0x997A9F17ED7DAEA6
- Re: The SHA1 sunset, (continued)
- Re: The SHA1 sunset, Eli Zaretskii, 2016/01/03
- Re: The SHA1 sunset, John Wiegley, 2016/01/03
- Re: The SHA1 sunset, Mike Gerwitz, 2016/01/03
- Re: The SHA1 sunset, Lars Magne Ingebrigtsen, 2016/01/04
- Re: The SHA1 sunset, Mike Gerwitz, 2016/01/05
- Re: The SHA1 sunset, Lars Magne Ingebrigtsen, 2016/01/05
- Re: The SHA1 sunset, Eli Zaretskii, 2016/01/04
Re: The SHA1 sunset,
James Cloos <=