Re: Debian SHA-1 deprecation

To: Daniel Pocock <daniel@pocock.pro>, debian-security@lists.debian.org
Subject: Re: Debian SHA-1 deprecation
From: Elmar Stellnberger <estellnb@gmail.com>
Date: Wed, 18 May 2016 17:09:52 +0200
Message-id: <[🔎] d6668eb1-f485-bbf9-2d52-82ae376c6001@gmail.com>
In-reply-to: <[🔎] 573C6C18.7080805@pocock.pro>
References: <[🔎] 573C6C18.7080805@pocock.pro>

Am 2016-05-18 um 15:20 schrieb Daniel Pocock:



Can anybody comment on how Debian users will be impacted by SHA-1
deprecation?

In particular:

- will libraries like OpenSSL and GnuTLS continue to support it in
stretch and beyond?

- will web servers like Apache support it in server certificates or
certificate chains?

- will web servers and other applications accept client certificates
containing SHA-1 hashes?

- if support for SHA-1 is being removed or disabled by default, will it
also be disabled in security updates to jessie and wheezy LTS?

Besides these issues; has anyone ever thought of deprecating md5sum-sin package headers and using sha256sums instead? That would be of greathelp for tools like debsums or https://www.elstel.org/debcheckroot.

Reply to:

Follow-Ups:
- Re: Debian SHA-1 deprecation
  - From: Paul Wise <pabs@debian.org>

References:
- Debian SHA-1 deprecation
  - From: Daniel Pocock <daniel@pocock.pro>

Prev by Date: Problems in https://www.debian.org/doc/manuals/securing-debian-howto
Next by Date: Re: debcheckroot v1.0 released
Previous by thread: Debian SHA-1 deprecation
Next by thread: Re: Debian SHA-1 deprecation
Index(es):
- Date
- Thread