On 5/13/2016 5:31 PM, Mark Post wrote:
On 5/13/2016 at 03:21 PM, "Dyck, Lionel B. (TRA)" <lionel.d...@va.gov> wrote:
We asked IBM support about implementing SHA2 for the SMP/E FTP download
process and was told to open an RFE. That seems kinda insane given that SHA-1
seems to be heading to the heap of obsolete technologies.
Can anyone shed any light on this? Opening an RFE seems absurd given that
this is an industry standard for security that we are being forced into as I
type this and I'm sure we're not the only IBM customer who will be impacted
by the lack of SHA2 support.
Thanks - just something for the weekends discussion
If SHA-1 is obsolete, and I think it is, and were I an IBM customer, I would
possibly try opening an Integrity APAR with the support center.
Amen to that. The whole idea is "secure" delivery of IBM software using
an insecure method SHA-1 (whatwhat?). WTW.
http://news.netcraft.com/archives/2015/10/19/one-million-ssl-certificates-still-using-insecure-sha-1-algorithm.html
Regards,
Tom Conley
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
