Skip to Content [alt-c]
In reply to I Don't Accept the Risk of SHA-1
Hi,
I believe that the big CAs already have cross signed SHA2 intermediaries anyway already, is it not just a matter of "stamp your foot down" and insist on a SHA2 intermediary?
Fully agree, "accepting risk" is a really stupid argument. You cannot accept risk... "Yes, my car has a faulty tyre, the light doesn't work and the seatbelt isn't working, I accept the risk in driving 70mph in the middle of the night" - here it sounds stupid, really stupid.
I love this SHA1 thingy. And how "certain" people get wound up and disagree just to disagree it seems, like: http://lwn.net/Articles/132513/
Then there is also https://shaaaaaaaaaaaaa.com/ I found this once a long time ago.
Last but not least, I recently had to argue with my broadband supplier at home, as their site to download bills only supports TLS_RSA_WITH_RC4_128_MD5 as a cipher suite. Yeah, it is 2015, right? We are talking about SHA1 here.
Cheers
Tom
Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.
Your Name: (Optional; will be published)
Your Email Address: (Optional; will not be published)
Your Website: (Optional; will be published)
>
monospaced
Post a Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.