Skip to Content [alt-c]

Comment

In reply to I Don't Accept the Risk of SHA-1

Reader Thomas on 2015-10-09 at 09:51:

Hi,

I believe that the big CAs already have cross signed SHA2 intermediaries anyway already, is it not just a matter of "stamp your foot down" and insist on a SHA2 intermediary?

Fully agree, "accepting risk" is a really stupid argument. You cannot accept risk... "Yes, my car has a faulty tyre, the light doesn't work and the seatbelt isn't working, I accept the risk in driving 70mph in the middle of the night" - here it sounds stupid, really stupid.

I love this SHA1 thingy. And how "certain" people get wound up and disagree just to disagree it seems, like: http://lwn.net/Articles/132513/

Then there is also https://shaaaaaaaaaaaaa.com/ I found this once a long time ago.

Last but not least, I recently had to argue with my broadband supplier at home, as their site to download bills only supports TLS_RSA_WITH_RC4_128_MD5 as a cipher suite. Yeah, it is 2015, right? We are talking about SHA1 here.

Cheers

Tom

Reply

Post a Reply

Your comment will be public. If you would like to contact me privately, please email me. Please keep your comment on-topic, polite, and comprehensible.

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with ">" are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim.
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.
  • Use the Preview button to check your formatting.