[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The SHA1 sunset

From: Lars Magne Ingebrigtsen
Subject: Re: The SHA1 sunset
Date: Tue, 05 Jan 2016 08:07:39 +0100
User-agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.1.50 (gnu/linux)

Mike Gerwitz <address@hidden> writes:

> Personally, I prefer not to rely on bandages for my crypto.

It is, of course, up to you what you do for yourself.

What we're discussing is what the defaults should be in Emacs.  Issuing
warnings to users about something that isn't (yet) a probable issue is a
disservice to our users.  If they feel that these security mechanisms
get in the way of getting stuff done, they will, of course, just disable
those mechanisms altogether.

Which is why I asked to statistics of SHA-1 certificates in use today.
The newest one I could find was from April 2015, and at that point 20%
of Alexa Top 1000 web sites were using SHA-1 certificates.  If that's
still the case, it's way more than is reasonable to warn our users

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

reply via email to

[Prev in Thread] Current Thread [Next in Thread]