Tim Hollebeek <tim.holleb...@digicert.com> wrote: > Because it's easier for the client to decide what the client understands > than it is for the server to decide what the client understands. Less > complexity = less failures. > > Note that this is how XP was handled for code signing. The Authenticode > spec actually made it so if you did things in the right order, XP would only > see the SHA-1 signature, while more recent operating systems would see both > the SHA-1 and SHA-2 signatures, ignore the SHA-1 signature, and use the > SHA-2 signature. This allowed doubly-signed binaries that worked both on XP > and non-XP systems. Unfortunately the technical steps to do so weren't > widely publicized, but I know some companies took advantage of it.
Now that sounds weird. If I look at the code signatures on my Windows 7 machine, e.g. C:\windows\ccm\CcmExec.exe it carries one single digital signature & timestamp _from_Microsoft_ created 01-November-2017 and both with sha1RSA. So it seems some vendors haven't really started migrating away from SHA-1. -Martin _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls