From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: James Cloos Newsgroups: gmane.emacs.devel Subject: Re: The SHA1 sunset Date: Mon, 04 Jan 2016 18:04:02 -0500 Message-ID: References: NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1451948727 26803 80.91.229.3 (4 Jan 2016 23:05:27 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 4 Jan 2016 23:05:27 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Jan 05 00:05:19 2016 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1aGEBj-0008Sc-Kb for ged-emacs-devel@m.gmane.org; Tue, 05 Jan 2016 00:05:19 +0100 Original-Received: from localhost ([::1]:47446 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aGEBi-0005lR-MD for ged-emacs-devel@m.gmane.org; Mon, 04 Jan 2016 18:05:18 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:53779) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aGEBT-0005kk-9e for emacs-devel@gnu.org; Mon, 04 Jan 2016 18:05:07 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aGEBO-0005BL-7m for emacs-devel@gnu.org; Mon, 04 Jan 2016 18:05:03 -0500 Original-Received: from ore.jhcloos.com ([198.147.22.87]:44580) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aGEBN-00057S-Ug for emacs-devel@gnu.org; Mon, 04 Jan 2016 18:04:58 -0500 Original-Received: by ore.jhcloos.com (Postfix, from userid 10) id 0EB381E12B; Mon, 4 Jan 2016 23:04:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhcloos.com; s=ore14; t=1451948675; bh=Vf3d95NBzIG2HEPKonNoQ5wCFDanVIHap7BVaU9tkIg=; h=From:To:Subject:In-Reply-To:References:Date:From; b=lZEZ0JA53u1akClTdhAZ5aLC91COe6MwKn0tcCTPgBN9Bw5HvePfLk+MxfMOIke1L LpFyxhRcRu3aI1Cf5/pWyNmJ+zz1x83sxa+5IV2YJ95S/eLvWHdbFeqNJmWeJRQOFW I+cW0fvroVrLZdzt9/mk6qS+7vyHBmXgAT9h5MrU= Original-Received: by carbon.jhcloos.org (Postfix, from userid 500) id 167121003CD26; Mon, 4 Jan 2016 23:04:02 +0000 (UTC) In-Reply-To: (Lars Magne Ingebrigtsen's message of "Sun, 03 Jan 2016 10:55:36 +0100") User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.1.50 (gnu/linux) Face: iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAgMAAABinRfyAAAACVBMVEX///8ZGXBQKKnCrDQ3 AAAAJElEQVQImWNgQAAXzwQg4SKASgAlXIEEiwsSIYBEcLaAtMEAADJnB+kKcKioAAAAAElFTkSu QmCC Copyright: Copyright 2015 James Cloos OpenPGP: 0x997A9F17ED7DAEA6; url=https://jhcloos.com/public_key/0x997A9F17ED7DAEA6.asc OpenPGP-Fingerprint: E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6 Original-Lines: 21 X-Hashcash: 1:28:160104:emacs-devel@gnu.org::2qAZphaCwVKoX3MV:00000000000000000000000000000000000000000A+jBx X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 198.147.22.87 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:197636 Archived-At: >>>>> "LMI" == Lars Magne Ingebrigtsen writes: LMI> Other browser makers have announced their intention to refuse to make LMI> any TLS connection using SHA1-signed certificates on January 1st, but LMI> I'm not sure whether they actually went through with this? No, they are rejecting and cert which uses sha1 and claims to have been issued after 2016-01-01T00:00:00. The latter part is important. The commercial CAs have agreed not to issue any sha1 certs starting on that date, so the refusal does not affect anything using mainstream commercial certs. So the browser vendors are not doing anything of actual value, just engaging in some theatre. -JimC -- James Cloos OpenPGP: 0x997A9F17ED7DAEA6