On 01/23/2009 02:26 PM, Ian G:
Sigh. You destroy your own argument. We *all know* but some of us choose to ignore that driving a car is a very risky thing, and people die all the time.
Well, sorry, I'm not in your camp nor do I see it this way. We strife for 100% whenever possible. This was clearly a case where it was possible.
Yet we all do it. And, it should be entirely logical that if a chance of a fireball does not measurably change that risk
I guess 3% is a high enough risk even for somebody like you.
1. MD5 is a *protocol* issue,
LOL, the weak debian keys was also a "protocol" issue :-)
2. it effects all sites.
No, only those which used MD5.
3. It is within Mozilla's power to deal with it.
Up to a certain extend. If it breaks 20% of all sites I guess it's not.
There are some who believe that Mozilla should have a general ability to tell a CA what to do.
Actually Mozilla does exactly that with its policy. It perhaps needs to enforce it better after approval of a CA.
Well, and I'm ashamed to say it, your point is only right for Mozilla. According to what I've seen, we are going to be stuck with SHA1 for years.
Yes, but SHA1 is not where MD5 is today. Incidentally we tried on an experimental basis to introduce SHA256, but unfortunately a certain operating system doesn't support it well. It will have to wait for 2010 and beyond before we'll try it again.
Others can correct, but as far as I saw last week, but neither TLS nor Apache httpd/OpenSSL can deal with SHA2, there is some server-side snafu.
Not that I'm aware, but what about Windows 2003 servers which are widely deployed? And Windows XP?
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
