Comment by duaneb
11 years ago
> FWIW, (valid) rogue certificates have been found in the wild several times, CAs have been compromised etc. ...
And it's only going to get worse as SHA-1 become more and more affordable to crack.
11 years ago
> FWIW, (valid) rogue certificates have been found in the wild several times, CAs have been compromised etc. ...
And it's only going to get worse as SHA-1 become more and more affordable to crack.
The CAs have agreed to stop using SHA-1 by 2016, and Let's Encrypt will launch with something stronger on day one.
But SHA-1 attacks are going to be a huge problem all over our protocol stack :(