Educause Security Discussion mailing list archives
Deprecation of SSL Certificates Using SHA-1
From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Fri, 10 Oct 2014 15:11:26 +0000
Hello everyone. I don't know if you have been following the news about the plans browser providers have for deprecating SSL certificates that use the SHA-1 cryptographic hash, but I would be interested to hear what you all are doing with respect to replacing your SHA-1 certificates with SHA-2 certificates. Google (Chrome) has an ambitious plan already underway to progressively display more and more dire warning signs in their address bar. Their plan started to unfold in September and will culminate in January with release 41. Internet Explorer and Firefox are taking a slower approach starting in January 2016 and Safari is still trying to decide what to do. Google's statement is at: http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html Any feedback on what your institutions are doing would be appreciated.
<<attachment: winmail.dat>>
Current thread:
- Deprecation of SSL Certificates Using SHA-1 Roger A Safian (Oct 10)
- Re: Deprecation of SSL Certificates Using SHA-1 Tim Faircloth (Oct 10)
- Re: Deprecation of SSL Certificates Using SHA-1 John Ladwig (Oct 10)
- Re: Deprecation of SSL Certificates Using SHA-1 Ken Connelly (Oct 10)
- Re: Deprecation of SSL Certificates Using SHA-1 Miguel Angel Gonzalez de la Torre (Oct 10)
- Re: Deprecation of SSL Certificates Using SHA-1 Miller, Thomas (Oct 10)
- <Possible follow-ups>
- Re: Deprecation of SSL Certificates Using SHA-1 Roger A Safian (Oct 10)
- Re: Deprecation of SSL Certificates Using SHA-1 Albert Lunde (Oct 13)
- Re: Deprecation of SSL Certificates Using SHA-1 Tim Faircloth (Oct 10)