In reply to Comment by Reader Thomas
Accepting risk for yourself is fine. What isn't fine is accepting risk on behalf of other people, which is what happens when a vocal minority demands that the SHA-1 deprecation date be extended.
SHA-2 intermediates don't help. As long as CAs are signing with SHA-1, and web browsers are accepting SHA-1 certificates, everyone is vulnerable to SHA-1, even those who use a 100% SHA-2 chain. That's why it's so important to kill SHA-1 as soon as possible, and not extend the deadline.