Skip to Content [alt-c]


In reply to Comment by Reader Thomas

Andrew Ayer on 2015-10-09 at 15:59:

Accepting risk for yourself is fine. What isn't fine is accepting risk on behalf of other people, which is what happens when a vocal minority demands that the SHA-1 deprecation date be extended.

SHA-2 intermediates don't help. As long as CAs are signing with SHA-1, and web browsers are accepting SHA-1 certificates, everyone is vulnerable to SHA-1, even those who use a 100% SHA-2 chain. That's why it's so important to kill SHA-1 as soon as possible, and not extend the deadline.


Post a Reply

Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with > are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim (good for code).
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.
  • Use the Preview button to check your formatting.