On 09.01.2009 18:51, Johnathan Nightingale wrote:
SHA-1 is heading that way as well, and the decisions we make here will
likely shape policy for SHA-1's eventual decommissioning as well.
I think it's important to prepare now that we actually *can*
decommission SHA-1. This means:
* All popular browsers need to implement SHA-256 and maybe other secure
algos as well.
* Afterwards, CAs need to start issueing SHA-256 certs.
* Afterwards, browser needs to remove SHA-1 support.
Each step likely will take years (1-3). This means we need to rush into
this process now, if we believe SHA-1 will fall (as you said).
MD-5 is a rather clear-cut case in comparision (all browsers support
SHA-1, most CAs already issue SHA-1, only 14% certs use MD5, all CAs
moved to SHA-1 by now to my knowledge).
I propose to announce that we'll stop supporting MD5 in 3 months, and
ask website owners to get new certs.
Other people preferred a longer time period, so I'd suggest end of this
year. Plenty of time for website owners to react. But we need to
announce it some time now, and CAs ideally contact their customers (with
these 5% of MD5 certs with validity into 2010 and beyond) 3 months
before this date as well, if they haven't reacted yet at this time.
- Establish our feelings around how much of the net we are comfortable
invalidating if we kill an algorithm
More important for me is what we did to warn them.
Hopefully, all high traffic sites will then have reacted (and if some
are remaining, we can contact them), leading to a traffic percentage
much smaller than the cert percentage, which is already small.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
