[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The SHA1 sunset

From: James Cloos
Subject: Re: The SHA1 sunset
Date: Mon, 04 Jan 2016 18:04:02 -0500
User-agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.1.50 (gnu/linux)

>>>>> "LMI" == Lars Magne Ingebrigtsen <address@hidden> writes:

LMI> Other browser makers have announced their intention to refuse to make
LMI> any TLS connection using SHA1-signed certificates on January 1st, but
LMI> I'm not sure whether they actually went through with this?

No, they are rejecting and cert which uses sha1 and claims to have been
issued after 2016-01-01T00:00:00.

The latter part is important.

The commercial CAs have agreed not to issue any sha1 certs starting on
that date, so the refusal does not affect anything using mainstream
commercial certs.

So the browser vendors are not doing anything of actual value, just
engaging in some theatre.

James Cloos <address@hidden>         OpenPGP: 0x997A9F17ED7DAEA6

reply via email to

[Prev in Thread] Current Thread [Next in Thread]