@alexstamos @_mwc @sleevi_ is explaining it well. LV would affect lots of users that are using modern s/w, not just those using old stuff.
-
-
Replying to @BRIAN_____
@BRIAN_____@alexstamos@_mwc Right, the risk in SHA-1 is issuance; as long as new certs are issued, everyone who still trusts is at risk.4 replies 0 retweets 2 likes -
Replying to @sleevi_
@BRIAN_____@alexstamos@_mwc You can either stop issuance (~300 CAs) or stop trusting (~billions of devices). One is viable, the other isnt1 reply 0 retweets 1 like -
Replying to @sleevi_
@BRIAN_____@alexstamos@_mwc And stopping trusting is... hard. OpenSSL can't do it safely w/o causing damage, for example. Nor OS X.1 reply 0 retweets 1 like -
Replying to @sleevi_
@BRIAN_____@alexstamos@_mwc Nor Android. And Chrome can't cover it up short of rewriting all of that OS code into the browser, ala Mozilla2 replies 0 retweets 1 like
@sleevi_ @alexstamos @_mwc I have to admit I like Mozilla's approach here.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.