fwiw, we've had to stop issuing SHA-512 certs for fear that it will affect users. We do have some 512s that are out there yet. I'd like to resume issuing 512s instead of 256 as soon as you believe the fix has been populated out to the user base. At that time we'll start to re-issue our 256s as 512s when they expire.
Our normal process is to choose a security stance that allows for the widest amount of access using protocols that are still considered secure. In this specific case, the algorithms to support 512 are (usually) part of the 256 set but yet provide a slightly better security posture and have slightly better hashing performance over 256. SHA-2 has been out since 2001 and I believe its penetration is sufficient at this point for us to legitimately use it without any ill effects.

--
https://bugs.launchpad.net/bugs/1434556
Title: tls in ubuntu-push client doesn't support certs with 384/512 signatures...
