Hi Werner, > On 12. Feb 2025, at 09:25, Werner Koch via Gcrypt-devel > <gcrypt-devel@gnupg.org> wrote: > > On Mon, 3 Feb 2025 15:56, Lucas Mulling said: > >> Consider: NIST's deprecation of SHA1, effective 2030-12-31. > > That are 5.5 years in the future. Not a good idea to do it now.
This matters because FIPS validations are valid for five years, but will have their lifetime limited to NIST’s SHA1 sunset date if they allow SHA1. If you do a FIPS validation now, you’ll likely get a certificate in ~2 years, which then won’t be valid for 5, but only 3, because the build included support for SHA1. -- Clemens Lang RHEL Crypto Team Red Hat _______________________________________________ Gcrypt-devel mailing list Gcrypt-devel@gnupg.org https://lists.gnupg.org/mailman/listinfo/gcrypt-devel
