@sleevi_ Replacing 37m devices at $25 ea is ~1bn before distribution costs. That's clearly prohibitive, but upgrading browsers on = 0 capex.
-
-
@BRIAN_____@sleevi_@hillbrad@rmhrisk i was referring to the falling back from SHA-2 to SHA-1 in general. yes, no 2016 plans in there. -
@prdonahue@BRIAN_____@sleevi_@hillbrad I am a big CF fan. And you don't report to the CABF but if your plan has been to do LV for a year -
@prdonahue@BRIAN_____@sleevi_@hillbrad it would have been prudent to have that conversation sooner than a days before the year is out. -
@rmhrisk@BRIAN_____@sleevi_@hillbrad fallback plans are old. LV is new idea (matthew+alex discussion) not something we've been sitting on -
@prdonahue what will prevent LV from being used by modern browsers? Special LV policy OID blacklisted by them? -
@selecadm@prdonahue presumption is modern browsers will block SHA1 and any CAs that issue them anyways leaving you with the 37m leftovers. -
@selecadm@prdonahue there are a few issues. For example, the SHA1 certs coming from broadly trusted certs. Not all UAs are browsers. -
@selecadm@prdonahue CAs will now sell SHA1 through fear mongering and misinformation like they did SGC. A new "product" for the next decade
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.