[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
The SHA1 sunset
From: |
Lars Magne Ingebrigtsen |
Subject: |
The SHA1 sunset |
Date: |
Sun, 03 Jan 2016 10:55:36 +0100 |
User-agent: |
Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.1.50 (gnu/linux) |
SHA1 is considered to be likely to be "broken" sometime this year (i.e.,
the NSA will be able to create SHA1 collisions that may enable them to
issue SHA1 certificates to themselves at will for any domain (some
people are very sceptical of this claim)), so I've added warnings about
SHA1 certificates to the "high" `network-security-level' setting in
Emacs 25.1 now.
Other browser makers have announced their intention to refuse to make
any TLS connection using SHA1-signed certificates on January 1st, but
I'm not sure whether they actually went through with this?
We might consider at some point in the future to move this check to the
"medium" (default) setting.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
- The SHA1 sunset,
Lars Magne Ingebrigtsen <=
- Re: The SHA1 sunset, Eli Zaretskii, 2016/01/03
- Re: The SHA1 sunset, John Wiegley, 2016/01/03
- Re: The SHA1 sunset, Mike Gerwitz, 2016/01/03
- Re: The SHA1 sunset, Lars Magne Ingebrigtsen, 2016/01/04
- Re: The SHA1 sunset, Mike Gerwitz, 2016/01/05
- Re: The SHA1 sunset, Lars Magne Ingebrigtsen, 2016/01/05
- Re: The SHA1 sunset, Eli Zaretskii, 2016/01/04