On 21/11/16 20:29, Myers, Kenneth (10421) wrote:
> I've been trying to stay on top of the SHA-1 phase-out discussion but
> lost track. Where did it leave off?
I drafted a potential update to Mozilla's policy which was discussed
here, and has now moved to the CAB Forum public list for further
Hi Gerv,
I've been trying to stay on top of the SHA-1 phase-out discussion but lost
track. Where did it leave off?
I think I saw something of doing a ban at the browser level to not trust the
SHA-1 algorithm. Is this possible?
Kenneth Myers
Manager
+1.571.366.6120 +1.703.299.3046 fax
On 16/11/16 09:08, Kurt Roeckx wrote:
> The other option would be that Firefox adds an option to allow SHA-1 for
> things that are in the trust store but are not in the default trust store.
AIUI, that is going to be the default behaviour.
Gerv
___
On 2016-11-15 18:00, Peter Bowen wrote:
On Tue, Nov 15, 2016 at 7:25 AM, Kurt Roeckx wrote:
- If it's an enterprise root they need to switch to SHA-2
This is a lot easier said than done for many organizations. Depending
on the CA software this might be a small configuration
On Tue, Nov 15, 2016 at 7:25 AM, Kurt Roeckx wrote:
>
> - If it's an enterprise root they need to switch to SHA-2
This is a lot easier said than done for many organizations. Depending
on the CA software this might be a small configuration change or might
involve a very large
On 2016-11-15 16:19, Gervase Markham wrote:
On 15/11/16 12:20, jansomar...@gmail.com wrote:
I would step in to your discussion if you don't mind. My question is
very similar to the original one but in regards to internal usage of
SHA-1 signed certs. We are running large number of network devs
Hello Guys,
I would step in to your discussion if you don't mind. My question is very
similar to the original one but in regards to internal usage of SHA-1 signed
certs. We are running large number of network devs acting as a proxy and users
need to authenticate in order to access some of the
On Wednesday, 12 October 2016 14:50:22 UTC+1, Gervase Markham wrote:
> However, we would counsel all sites to move
> away from SHA-1 as the user experience will be as bad as the security.
A message I've seen from some security vendors, that I don't want us
reinforcing, is the idea that the
8 matches
Mail list logo