[OWASP-South Africa] SHA1

Wellington Mekhoe wmekhoe at gmail.com
Wed Oct 8 19:41:38 UTC 2014


Thanks for the feedback.

So you would recommend that we still buy SHA1 certificates that would
expire end 2015 or move directly to SHA256?  The reason I'm asking is that
my friends and I wanted to buy a certificate for some free and open source
development work after hours.

On Wed, Oct 8, 2014 at 6:54 PM, Brett Russell <brett.russell at owasp.org>
wrote:

> Apparently they tried to switch to SHA256 and had to switch back to SHA1
> because 5% of their site browsers (mozilla.org) could not get access to
> download Firefox? Seems everyone is issuing SHA1 certs to expire at the end
> of 2015, that's what I recommended at work as well.
>
> On Wed, Oct 8, 2014 at 10:03 AM, Wellington Mekhoe <wmekhoe at gmail.com>
> wrote:
>
>> Have you heard Mozilla's position on this matter?
>>
>> If I get any news, I will share it with you and the community.
>> On 07 Oct 2014 6:37 AM, "Brett Russell" <brett.russell at owasp.org> wrote:
>>
>>> My concern is the devices, browsers etc that don't support sha256,
>>> especially when in my opinion, the move is not really necessary?
>>>
>>> On Saturday, October 4, 2014, Wellington Mekhoe <wmekhoe at gmail.com>
>>> wrote:
>>>
>>>> Hi Brett
>>>>
>>>> I think for now most people won't care about the changes, however as
>>>> chrome is being used more now for business use, companies will be forced to
>>>> upgrade their certificates.
>>>>
>>>> Kind regards
>>>> Wellington Mekhoe
>>>> On 26 Sep 2014 9:14 PM, "Brett Russell" <brett.russell at owasp.org>
>>>> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> As most of you probably know, Google plans to start "sunsetting" SHA1
>>>>> support with some interesting changes to Chrome:
>>>>>
>>>>>
>>>>> http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html
>>>>>
>>>>> There have been some interesting responses from the global security
>>>>> community, what do you have to say about all this? Is anyone in SA actually
>>>>> going to care, or upgrade their certificate to cater for this?
>>>>>
>>>>> Kind Regards,
>>>>> Brett Russell
>>>>> OWASP South Africa Chapter Leader
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-SouthAfrica mailing list
>>>>> OWASP-SouthAfrica at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-southafrica
>>>>>
>>>>>
>>>
>>> --
>>>
>>> Kind Regards,
>>> Brett Russell
>>> OWASP South Africa Chapter Leader
>>>
>>>
>
>
> --
>
> Kind Regards,
> Brett Russell
> OWASP South Africa Chapter Leader
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-southafrica/attachments/20141008/75c732b7/attachment-0001.html>


More information about the OWASP-SouthAfrica mailing list