Educause Security Discussion mailing list archives
Re: Deprecation of SSL Certificates Using SHA-1
From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Fri, 10 Oct 2014 20:20:39 +0000
Just wanted to take a moment to thank everyone for replying. FWIW, were discussing our options here now. Personally I'd like to see all SHA-1 certificates that are expiring on or after Jan 1st 2016 replaced with New SHA-2 certificates. This should keep the certificates from having any of the alerts Chrome intends to put up. (BTW, I already see these on some certificates, it's not a problem yet. I just fear that we need to be in front of this before it becomes one.) That's a lot of work, so it's nice to know what others are doing in this regard. Thanks again.
-----Original Message----- From: Roger A Safian Sent: Friday, October 10, 2014 10:11 AM To: 'The EDUCAUSE Security Constituent Group Listserv (SECURITY () LISTSERV EDUCAUSE EDU)' Subject: Deprecation of SSL Certificates Using SHA-1 Hello everyone. I don't know if you have been following the news about the plans browser providers have for deprecating SSL certificates that use the SHA-1 cryptographic hash, but I would be interested to hear what you all are doing with respect to replacing your SHA-1 certificates with SHA-2 certificates. Google (Chrome) has an ambitious plan already underway to progressively display more and more dire warning signs in their address bar. Their plan started to unfold in September and will culminate in January with release 41. Internet Explorer and Firefox are taking a slower approach starting in January 2016 and Safari is still trying to decide what to do. Google's statement is at: http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting- sha-1.html Any feedback on what your institutions are doing would be appreciated.
<<attachment: winmail.dat>>
Current thread:
- Deprecation of SSL Certificates Using SHA-1 Roger A Safian (Oct 10)
- Re: Deprecation of SSL Certificates Using SHA-1 Tim Faircloth (Oct 10)
- Re: Deprecation of SSL Certificates Using SHA-1 John Ladwig (Oct 10)
- Re: Deprecation of SSL Certificates Using SHA-1 Ken Connelly (Oct 10)
- Re: Deprecation of SSL Certificates Using SHA-1 Miguel Angel Gonzalez de la Torre (Oct 10)
- Re: Deprecation of SSL Certificates Using SHA-1 Miller, Thomas (Oct 10)
- <Possible follow-ups>
- Re: Deprecation of SSL Certificates Using SHA-1 Roger A Safian (Oct 10)
- Re: Deprecation of SSL Certificates Using SHA-1 Albert Lunde (Oct 13)
- Re: Deprecation of SSL Certificates Using SHA-1 Tim Faircloth (Oct 10)