[cabfpub] SHA-1 identical prefix collisions
philliph at comodo.com
Sat Oct 10 21:22:20 MST 2015
That does not follow.
If all it took to effect a transition was to vote, everything would be a lot simpler. The question is still whether the insecurity due to a delay is greater or less than the insecurity due to attempting a transition before everyone is ready.
On Oct 10, 2015, at 11:06 PM, Richard Wang <richard at wosign.com> wrote:
> The final sentence is the important one – “Vote NO”:
> The paper was written by Marc Stevens, Pierre Karpman, and Thomas Peyrin. The new calculations, should they be confirmed by the researchers' peers, are likely to provide a strong argument for voting no and instead quickly migrating to use of SHA2, which is much more resistant to collisions.
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Phillip Hallam-Baker
> Sent: Sunday, October 11, 2015 9:10 AM
> To: CABFPub <public at cabforum.org>
> Subject: [cabfpub] SHA-1 identical prefix collisions
> Just a heads up that this is about to hit the wires and it is a public holiday on Monday in many parts of the US.
> It really shouldn’t be cause for anyone to be alarmed. These attacks do not allow someone to forge a certificate or break TLS. Any CA that is following the guidelines on incorporating randomness will not be vulnerable even if the more powerful collision attacks are achieved.
> This was anticipated and the phase out process is already in place.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public