@alexstamos @fugueish @newshtwit What's the security value of preventing downgrade to a valid SHA-1 cert? The connection is no less secure.
Replying to @__agwa
@alexstamos @fugueish @newshtwit Real risk is from a forged SHA-1 cert. If attacker has one they'll use it to MitM and bypass cert switching
Replying to @__agwa
@alexstamos @fugueish @newshtwit Which is why CAs need to STOP issuing SHA-1 certs, so it becomes impossible to create forgeries.
@alexstamos @fugueish @newshtwit And is why Symantec was rebuffed when they asked for essentially the same thing you are asking for now.
11:02 AM - 9 Dec 2015