Russ Housley <housley(_at_)vigilsec(_dot_)com> writes:
I think we should hold this discussion for the day that CMS is updated.
The whole point of raising the issue now is to make sure that it's not a
problem when CMS is updated. TLS has been hit hard by this, OpenPGP is going
through the throes of being hit by it, given that we've seen what happened
there it seems ill-advised to just sit back and wait for CMS to be affected as
well rather than being proactive about it.
(For fans of the UK comedy Hyperdrive, it reminds me of this scene:
https://youtu.be/hhSOy0ADJ5s?t=448: "They've shot the captain, they've shot
the first officer, they're stopping to reload, I wonder what they'll do next".
It's hit TLS, it's hit OpenPGP, I wonder what it'll hit next).
smime mailing list