I am hearing that the SHA1 Deprecation notices from MS/CHROME only apply to cert

Question

I am hearing that the SHA1 Deprecation notices from MS/CHROME only apply to certs that are a part of a public trusted root program. This makes one believe that IE will have new logic built in to allow it to distinguish certs issued by internal CAs as opposed to certs issued by Public CAs and NOT flag sites as unsafe that are deemed to be SHA1 internal?

So the way I see it, it's kind of pointless to leave SHA1 legacy copies of certs in the trusted root store as a fallback if the browser is going to flag all SHA1 certs as unsafe anyway. Unless you are simply going for connectivity for legacy platforms that can't use SHA2 and don't care about warnings.

Thoughts?

Explanation / Answer

I'm fairly certain SHA-1 will be deprecated by most OSes by 2017, especially with browsers taking the initiative and flagging certificates secured by SHA-1 by mid-2016 and Google's Project Zero cracking the whip on implementing encryption over the web.

The issue here isn't about connectivity. It's about pressuring network administrators/device manufacturers/software developers to implement their encryption intelligently. Honestly, even if your CA is an internal one, SHA-1 has been proven to be breakable.

In my opinion, why implement encryption at all if you're going to do it wrong?