On 07/11/14 20:06, Antje wrote:
Today I received an email from NameCheap that told me about the retirement of
SHA-1 for HTTPS certificates and I realised that OpenStreetMap has HTTPS
support. According to https://shaaaaaaaaaaaaa.com/check/openstreetmap.org (a
website that lets you check if a website is using SHA-1 or SHA-2),
OpenStreetMap is apparently using SHA-1.
The email says that Google will begin to sunset SHA-1 this month (even though
we have doubts about their maps, the SHA-1 news is still important). (source:
Qualys Lab at
https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know).
Can OpenStreetMap please update their HTTPS Certificate to use SHA-2 instead
of SHA-1?
We are well aware of this issue - there is still some months before
browsers start dropping SHA-1 support and the certificate will be
reissued before that happens.
Based on our expiry date CHrome 41 is the first version that will start
to penalise SHA-1 and that's not due until Q1 next year.
Tom
--
Tom Hughes (t...@compton.nu)
http://compton.nu/
_______________________________________________
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev
