
Andrew Ayer

I Don't Accept the Risk of SHA-1

Comment by Reader Thomas

This comment is owned by whoever posted it. I am not responsible for it in any way.

Hi,

I believe that the big CAs already have cross signed SHA2 intermediaries anyway already, is it not just a matter of "stamp your foot down" and insist on a SHA2 intermediary?

Fully agree, "accepting risk" is a really stupid argument. You cannot accept risk... "Yes, my car has a faulty tyre, the light doesn't work and the seatbelt isn't working, I accept the risk in driving 70mph in the middle of the night" - here it sounds stupid, really stupid.

I love this SHA1 thingy. And how "certain" people get wound up and disagree just to disagree it seems, like: http://lwn.net/Articles/132513/

Then there is also https://shaaaaaaaaaaaaa.com/ I found this once a long time ago.

Last but not least, I recently had to argue with my broadband supplier at home, as their site to download bills only supports TLS_RSA_WITH_RC4_128_MD5 as a cipher suite. Yeah, it is 2015, right? We are talking about SHA1 here.

Cheers

Tom

Posted on 2015-10-09 at 09:51:51 UTC by Reader Thomas
