On 26/1/09 14:03, Eddy Nigg wrote:
> On 01/26/2009 01:57 PM, Ian G:
>> More on that "SHA1 disaster brewing" thing. My understanding today
>> (wait until tomorrow before challenging ...) is it could be as bad as
>> this:
>> * servers need to support TLS1.2 before the old hash family is gone.
>> * clients need to support old hashes until the servers stop TLS1.1
>> * we have our classic client-server deadly embrace!
>> * servers won't stop before clients stop before servers stop...
>> * nobody is rushing to support TLS1.2
>> * Apache won't ship a release httpd to handle SHA2 certs any time soon
>> * SHA2 is off the agenda?
>> * might want to stick a nonce in each cert?
>> * and wait for SHA3?
> Even though I agree that the SHA2 family needs to wait, albeit for different
> reasons, I wonder what's wrong with Apache and SHA2 support? Can you
> tell me what exactly the problem is?
No, I can't tell you exactly, I just read s**t on the net :)
Or more precisely, this one isn't important enough to further research
and nail down, but it's important enough to wave a red flag.
Ref this thread:
"MD5 considered harmful today, SHA-1 considered harmful tomorrow"
on the cryptography list, and read what Victor Duchovni says.
I might be very wrong, hopefully someone else can explain it better.
iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
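The thread above is about which hash signed a certificate (MD5/SHA-1 versus the SHA-2 family) and which software can cope with it. The first thing a practitioner wants before worrying about TLS1.2 support is an inventory: for each certificate in a chain, which signature algorithm OID is in its outer `signatureAlgorithm` field. The following is an added example, not code from the thread or from Mozilla/NSS: a minimal DER walker that extracts that OID and maps it to a hash family. The certificate bytes it operates on are a constructed skeleton built in the script itself (placeholder tbsCertificate, fake signature), not a real certificate; the OID table, the `load_pem` helper and all function names are my own additions.

```python
import base64

# Hash used by each common signatureAlgorithm OID (RFC 3279 / RFC 4055 / RFC 5758).
SIG_OID_HASH = {
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "sha384",  # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": "sha512",  # sha512WithRSAEncryption
    "1.2.840.10045.4.1": "sha1",        # ecdsa-with-SHA1
    "1.2.840.10045.4.3.2": "sha256",    # ecdsa-with-SHA256
    "1.2.840.10045.4.3.3": "sha384",    # ecdsa-with-SHA384
    "1.2.840.10045.4.3.4": "sha512",    # ecdsa-with-SHA512
}

def der_read_tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def der_encode_tlv(tag, value):
    """Encode a DER TLV (used only to build the constructed sample)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def oid_to_bytes(dotted):
    """Encode a dotted OID into DER content bytes (base-128, first two arcs merged)."""
    parts = [int(p) for p in dotted.split(".")]
    out = [40 * parts[0] + parts[1]]
    for p in parts[2:]:
        enc = [p & 0x7F]
        p >>= 7
        while p:
            enc.append(0x80 | (p & 0x7F))
            p >>= 7
        out.extend(reversed(enc))
    return bytes(out)

def bytes_to_oid(data):
    """Decode DER OID content bytes back to dotted form."""
    parts = [data[0] // 40, data[0] % 40]
    val = 0
    for b in data[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(val)
            val = 0
    return ".".join(map(str, parts))

def load_pem(text):
    """Strip a PEM envelope and return the DER bytes inside it."""
    body = "".join(line for line in text.splitlines()
                   if line and not line.startswith("-----"))
    return base64.b64decode(body)

def build_cert_skeleton(sig_oid):
    """Constructed sample, NOT a real certificate: Certificate ::= SEQUENCE {
    tbsCertificate (placeholder), signatureAlgorithm, signatureValue (fake) }."""
    tbs = der_encode_tlv(0x30, der_encode_tlv(0x02, b"\x01"))
    alg = der_encode_tlv(0x30, der_encode_tlv(0x06, oid_to_bytes(sig_oid)) + b"\x05\x00")
    sig = der_encode_tlv(0x03, b"\x00" + b"\xAA" * 16)
    return der_encode_tlv(0x30, tbs + alg + sig)

def signature_hash(cert_der):
    """Return (signatureAlgorithm OID, hash name) from the outer Certificate SEQUENCE."""
    tag, body, _ = der_read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = der_read_tlv(body, 0)          # skip tbsCertificate
    tag, alg, _ = der_read_tlv(body, pos)      # signatureAlgorithm ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("malformed signatureAlgorithm")
    tag, oid_bytes, _ = der_read_tlv(alg, 0)   # algorithm OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("expected OID in signatureAlgorithm")
    oid = bytes_to_oid(oid_bytes)
    return oid, SIG_OID_HASH.get(oid, "unknown")

def classify(cert_der):
    """'legacy' for MD5/SHA-1 signatures, 'sha2' for the SHA-2 family, else 'unknown'."""
    _, h = signature_hash(cert_der)
    if h in ("md5", "sha1"):
        return "legacy"
    if h.startswith("sha"):
        return "sha2"
    return "unknown"

if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11", "1.2.840.10045.4.3.2"):
        cert = build_cert_skeleton(oid)
        print(oid, signature_hash(cert)[1], classify(cert))
```

Feed `signature_hash(load_pem(open("chain.pem").read()))` a real certificate to run the same check on production material; only the outer three-element SEQUENCE is parsed, so the tbsCertificate contents are never interpreted. Note that the hash in a certificate's signature is independent of the hash the TLS handshake itself uses, which is the separate question the thread is circling.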