On 01/26/2009 01:57 PM, Ian G:
More on that "SHA1 disaster brewing" thing. My today understanding
(wait until tomorrow before challenging ...) is it could be as bad as this:
* servers need to support TLS1.2 before the old hash family is gone.
* clients need to support old hashes until the servers stop TLS1.1
* we have our classic client-server deadly embrace!
* servers won't stop before clients stop before servers stop...
* nobody is rushing to support TLS1.2
* Apache won't ship a release httpd to handle SHA2 certs any time soon
* SHA2 is off the agenda?
* might want to stick a nonce in each cert?
* and wait for SHA3?
Even though I agree that SHA2 family needs to wait, albeit for different
reasons, I wonder what's wrong with Apache and SHA2 support? Can you
tell me what exactly the problem is?
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
