Google acceleration of SHA-1 deprecation draws resistance

After some pushback from the industry, Google has revised its timetable for deprecating support of SHA-1 crypto hash for issuing TLS/SSL digital certificates, but the new schedule still may be too aggressive and nearly impossible for many web operators to meet.

Noting for quite some time that SHA-1 no longer offers an acceptable level of security, Google has made it clear would compel users to update their security certificates, moving from SHA-1 to SHA-2 over the next two to three years. And Microsoft, too, said last fall it would start withdrawing its support from SHA-1 on January 1, 2016, with the transition complete by January 1, 2017.

But the Google’s late August announcement that Chrome 39, due to be released within the next 12 weeks, will treat some sites as untrusted and that notifications would began appearing when users accessed those sites, took even advocates by surprise.

The accelerated schedule raised concerns that potentially hundreds of thousands of web operators may not be able to comply in the proposed timeframe and that users would find the notifications both confusing and alarming.

Read the Full Article: Source – SC Magazine

source not found

Related Article

Leave a Reply