[cabfpub] SHA-1 Collision Found

Eric Mill eric at konklone.com
Fri Feb 24 04:31:17 UTC 2017

On Thu, Feb 23, 2017 at 10:54 PM, Phillip Hallam-Baker via Public <
public at cabforum.org> wrote:

> Things have to break before some people will act. Which is why I consider
> the proposal to further reduce validity intervals to provide more
> procrastination time positively harmful.

To restate this, you're saying that it's better to keep long-lived certs
around, so that the heightened damage their misissuance would do will
increase the motivation of CAs/browsers to deprecate weaker algorithms.

I think that's a very difficult stance to defend. Holding one security
feature hostage to spur support for another doesn't seem likely to produce
security benefits, either in this case or the general case.

-- Eric


konklone.com | @konklone <https://twitter.com/konklone>