Santosh Chokhani wrote:
So, if you are relying on CAs, why not ask them to switch to SHA-1 as
opposed to adding more software to the CA. SHA-1 is purely a
configuration item for the CA deployments.
Because someday SHA-1 (and SHA-2, or any hash algorithm) may be subject
to a similar collision generation attack, and the presence of
unpredictable data in the cert will defeat it as well.
Just trying to be proactive here.
-- Tim
smime.p7s
Description: S/MIME Cryptographic Signature