Tim Hollebeek <tim.holleb...@digicert.com> wrote:
> Because it's easier for the client to decide what the client understands
> than it is for the server to decide what the client understands. Less
> complexity = less failures.
>
> Note that this is how XP was handled for code signing. The Authenticode
> spec actually made it so if you did things in the right order, XP would only
> see the SHA-1 signature, while more recent operating systems would see both
> the SHA-1 and SHA-2 signatures, ignore the SHA-1 signature, and use the
> SHA-2 signature. This allowed doubly-signed binaries that worked both on XP
> and non-XP systems. Unfortunately the technical steps to do so weren't
> widely publicized, but I know some companies took advantage of it.
Now that sounds weird.
If I look at the code signatures on my Windows 7 machine,
e.g.
C:\windows\ccm\CcmExec.exe
it carries one single digital signature & timestamp _from_Microsoft_
created 01-November-2017 and both with sha1RSA.
So it seems some vendors haven't really started migrating away from SHA-1.
-Martin
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
