Richard,
According to WP, as part of the EMV program, they are aggressively rolling out new devices to replace all old equipment in the field. They expect this to be completed by the end of the year. They have already moved a large number of devices to support SHA-2.
Again, per my previous post, the existing equipment are not "Worldpay terminals", rather equipment from many different suppliers, with various combinations of software/firmware. I'm not trying to justify it, just presenting the data.
Dean
On Wed, Feb 24, 2016 at 7:55 PM, Peter Gutmann <[email protected]>
wrote:
> [email protected] <[email protected]> writes:
>
> >While we are disappointed that a critical part of the Internet
> >infrastructure is holding back an increase in security, we believe that
> >this allowance strikes an acceptable compromise between minimizing
> >disruption and risk and encouraging migration away from SHA-1 as fast as
> >possible.
>
> I'd still really like to know the details of what happened here. As I've
> pointed out to others off-list, it's not to assign blame but to learn from
> it so that others won't make the same mistake in similar situations in the
> future.
>
I would as well, and I would also be interested in what Worldpay is doing
to migrate to SHA-2. Hopefully they or Symantec can comment here.
--Richard
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
wrote:
> [email protected] <[email protected]> writes:
>
> >While we are disappointed that a critical part of the Internet
> >infrastructure is holding back an increase in security, we believe that
> >this allowance strikes an acceptable compromise between minimizing
> >disruption and risk and encouraging migration away from SHA-1 as fast as
> >possible.
>
> I'd still really like to know the details of what happened here. As I've
> pointed out to others off-list, it's not to assign blame but to learn from
> it so that others won't make the same mistake in similar situations in the
> future.
>
I would as well, and I would also be interested in what Worldpay is doing
to migrate to SHA-2. Hopefully they or Symantec can comment here.
--Richard
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
