Re: Update to phasing out SHA-1 Certs

2015-11-06 Thread Rick Andrews
> - We are re-evaluating when we should start rejecting all SHA-1 SSL certificates (regardless of when they were issued). As we said before, the current plan is to make this change on January 1, 2017. However, in light of recent attacks on SHA-1, we are also considering the

Re: Policy Update: section 8 of Maintenance Policy

2015-11-06 Thread Kurt Roeckx
On 2015-11-05 19:46, Kathleen Wilson wrote: Another option is to delete this section from Mozilla's policy, because it is covered by the Baseline Requirements. However, the Baseline Requirements allows for DSA, which Mozilla does not support. Maybe the BR should be updated to remove DSA

Re: Policy Update: section 8 of Maintenance Policy

2015-11-06 Thread Rob Stradling
On 05/11/15 20:01, s...@gmx.ch wrote: I would like to see SHA-3 signatures and Ed25519/curve25519 ASAP. The latter one is not that far away [1]. Maybe it's the right time to consider them? I would like to (and I expect to) see these in a future version of the BRs. There seems little point in

Re: Policy Update: section 8 of Maintenance Policy

2015-11-06 Thread Kurt Roeckx
On 2015-11-05 21:01, s...@gmx.ch wrote: I would like to see SHA-3 signatures and Ed25519/curve25519 ASAP. The latter one is not that far away [1]. Maybe it's the right time to consider them? [1] https://bugzilla.mozilla.org/show_bug.cgi?id=957105 This is about certificate, so as far as I know

Re: Update to phasing out SHA-1 Certs

2015-11-06 Thread Lothsahn
On Thursday, November 5, 2015 at 3:27:45 PM UTC-5, Kathleen Wilson wrote:
> On 11/5/15 11:34 AM, s...@gmx.ch wrote:
> > It seems that we are going to untrust SHA-1 generally on July 1, 2016 [1]. Do we already have a bug number for this?

SHA256/GCM DHE support when SHA1 support is dropped

2015-11-06 Thread lothsahn
https://bugzilla.mozilla.org/s... [mozilla.org] Firefox only currently supports DHE with SHA1. Are they going to add support for SHA256 DHE when they disable SHA1? To quote Michael Staruch from the above link: It looked more like attempts to discredit DHE and push everyone into ECC. And I am not

RE: SHA256/GCM DHE support when SHA1 support is dropped

2015-11-06 Thread Yuhong Bao
Mozilla is not dropping HMAC-SHA1 TLS ciphersuites. TLS 1.0 would not work without them.
> Date: Fri, 6 Nov 2015 08:47:45 -0800
> Subject: SHA256/GCM DHE support when SHA1 support is dropped
> From: loths...@gmail.com
> To:

Re: SHA256/GCM DHE support when SHA1 support is dropped

2015-11-06 Thread Gijs Kruitbosch
On 06/11/2015 16:47, loths...@gmail.com wrote: https://bugzilla.mozilla.org/s... [mozilla.org] For clarity, the scrubbed link here was: https://bugzilla.mozilla.org/show_bug.cgi?id=1084554 ~ Gijs