On 2016-11-15 16:19, Gervase Markham wrote:
On 15/11/16 12:20, jansomar...@gmail.com wrote:
I would step in to your discussion if you don't mind. My question is
very similar to the original one but in regards to internal usage of
SHA-1 signed certs. We are running large number of network devs
devs == devices, rather than developers?
acting as a proxy and users need to authenticate in order to access
some of the applications. It's an internal closed environment and all
the devices are using self-signed certificates. Will something change
for us when Mozilla disabled SHA-1 certs?
Are you sure you mean self-signed certs? Every time a user accesses a
new application, they get a security error they have to override? Or do
you mean you have a private enterprise root which you add to web
browsers, and which issue all these certs for you?
I guess the answer for both cases are:
- If it's an enterprise root they need to switch to SHA-2
- If it's self-signed we don't care about the signature algorithm.
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
