On Thursday, 25 September 2014 22:54:07 UTC+2, Hubert Kario wrote:
> ----- Original Message -----
> > From: "Chris Palmer" <[email protected]>
[...]
> > SHA-1 signature algorithms are not per se bad right now; what's bad is
> > certificate chains using SHA-1 that will/would be valid too far in the
> > future. Between now and 1 Jan 2016, and between then and 1 Jan 2017,
> > there is plenty of time to get a new certificate, signed with a
> > SHA-256-based signature function.
> 
> It's debatable if the 2016 date is good. NIST doesn't agree....

According to NIST SP800-57 Part 1, doing a signature with SHA-1 has been
deprecated since 2011 and disallowed since 2014.
We're not too far from NIST.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
