From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.devel
Subject: Re: The SHA1 sunset
Date: Mon, 04 Jan 2016 23:14:06 +0100
Message-ID: <m3y4c5vvpt.fsf@gnus.org>
References: <m3twmvdm1z.fsf@gnus.org> <83fuyead32.fsf@gnu.org>
	<m21t9yxwnh.fsf@newartisans.com> <m3bn9288rf.fsf@gnus.org>
	<87si2eayc5.fsf@gnu.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1451945698 12185 80.91.229.3 (4 Jan 2016 22:14:58 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Mon, 4 Jan 2016 22:14:58 +0000 (UTC)
Cc: emacs-devel@gnu.org
To: Mike Gerwitz <mtg@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Jan 04 23:14:47 2016
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1aGDOo-0003wB-T4
	for ged-emacs-devel@m.gmane.org; Mon, 04 Jan 2016 23:14:47 +0100
Original-Received: from localhost ([::1]:47324 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1aGDOo-0003mN-8G
	for ged-emacs-devel@m.gmane.org; Mon, 04 Jan 2016 17:14:46 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:43053)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1aGDOk-0003m3-SG
	for emacs-devel@gnu.org; Mon, 04 Jan 2016 17:14:43 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1aGDOg-0003SJ-3I
	for emacs-devel@gnu.org; Mon, 04 Jan 2016 17:14:42 -0500
Original-Received: from hermes.netfonds.no ([80.91.224.195]:59370)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>)
	id 1aGDOf-0003Rr-Sw; Mon, 04 Jan 2016 17:14:38 -0500
Original-Received: from cm-84.215.1.64.getinternet.no ([84.215.1.64] helo=stories)
	by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
	(Exim 4.72) (envelope-from <larsi@gnus.org>)
	id 1aGDOA-00039q-En; Mon, 04 Jan 2016 23:14:06 +0100
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAHlBMVEUQCQwfGBL+//JWTjYM
	BgsKBAn///8FAQPl2sEHAgTVb6JyAAACWUlEQVQ4jV2UsWvjMBTGJeJAbrNQCpl9EDzGVQ88ulSG
	6+Zy1pC1g+l4SzEdYx1B4x2cCfpv73uSHaf3hkD00/e+J+k9M9NqXTEKcRspG40xEyhEmqbg4R/D
	uk7CdlmEnXMAtBpAFgoRt2sEpQrrSpWOCEsSPYNK0Lp1zll1YCzRFdXjR8OkwHY3ZJlTMAkKAAgk
	1rOs67rcFoIUCerxhtP+fUfxamF/VXCpXNbFyC3ZB3M/Agz7CUBShHIrNo6Pshy6OZwq0qTWLVK1
	XLnrepcTiB4Ai6B7sxGw/8ErCp4UnyxCwdHcc1lmn0Gq2wl0N0FlxXK5uHf7ReFiKoZzVKo8Lwry
	qENVYyXUAt6iOR67HzWXS1n5DWi5dDcWuHgWUnnNFgUE8Xqh8G0l7vfXU6h4cgKm4i7bTwJqoSR6
	AKzQB/t4OpFydlU0K/QObLLuKzkv4GUlBN4kdy4v0thuAfiGmtOhUjUUUx/CpPeXPyuVSkfG8sRu
	FJe/6DLpzhYFOVYlM3hveNpqIc8ngN1B6wl8YAKauik25YFL5LqCseJC1FLtCrZCDTZmgnnLCAix
	EeyJcj1UM8DphdFmI7ePACvkqkPDGeTjz0e/USkNJUOuOgwZDQ579mYnixfcOCsfCGDKvMe9j/64
	Ky2nCXw6aUNzSeDjy2/fl0O+lWJdNzYoTACXvo+gWBtTbgkc2SUs970a8rsfW+/Hp1/m4scj62N8
	2CEXUPuxscbfgHd774q17zHE5R1+ruCnHTJ7B+CP378FjxnQB2N99CMeFKA1M+jxxAiYmHCM+h+2
	yD8khyOT2gAAAABJRU5ErkJggg==
In-Reply-To: <87si2eayc5.fsf@gnu.org> (Mike Gerwitz's message of "Sun, 03 Jan
	2016 21:10:50 -0500")
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.1.50 (gnu/linux)
X-MailScanner-ID: 1aGDOA-00039q-En
MailScanner-NULL-Check: 1452550446.53499@wjvr1aerqYLQ8d7AwwzlMA
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 80.91.224.195
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:197632
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/197632>

Mike Gerwitz <mtg@gnu.org> writes:

> The date that browsers implement warnings is arbitrary; this is still
> certainly "a thing".
>
> https://sites.google.com/site/itstheshappening/

I'm not sure why you're linking to that site?

The question isn't whether the NSA are able to do SHA-1 collisions
(which I think everybody assumes that they can, albeit expensively), but
whether they can create certificates.  The jury is out on that one, and
many people think that it's not a thing (yet) (with certificates with
the recommended entropy in serial numbers and dates).

https://blog.cloudflare.com/why-its-harder-to-forge-a-sha-1-certificate-than-it-is-to-find-a-sha-1-collision/

> Such a warning will not be bogus, and it would be a service to warn
> users even if others don't.

It will almost certainly be bogus (now).  Next year, perhaps not.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no