Santosh Chokhani wrote:
So, if you are relying on CAs, why not ask them to switch to SHA-1 as opposed to adding more software to the CA. SHA-1 is purely a configuration item for the CA deployments.
Because someday SHA-1 (and SHA-2, or any hash algorithm) may be subject to a similar collision generation attack, and the presence of unpredictable data in the cert will defeat it as well.
Just trying to be proactive here. -- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature