On Wed, 2014-06-18 at 21:58 -0700, jungleboogie0 wrote:
> On 18 June 2014 21:35, Colin Percival <cperciva@tarsnap.com> wrote:
> > On 06/18/14 20:12, jungleboogie0 wrote:
> >> I was wondering if you will be upgrading to a SHA2 SSL/TLS cert in
> >> August when your existing SSL/TLS expires.
> >
> > No. Not sure I see any point really...
>
> Well would anything detrimental be introduced that could possibly
> break it? Probably not.
>
> >
> >> You could even go with ECDSA for extra nerd points!
> >
> > You mean, if I wanted less compatibility?
>
> Security is always a trade off...

Really? How would sha2/ecdsa signed certs in this individual case improve security in any meaningful manner?

I mean, no matter how the (www.)tarsnap.com cert is signed it would be just as effective to go after a sha1 signed intermediate CA certificate. Given the way the https:// and CAs are used in regular web browsers today you only really get a meaningful change when you collectively move off the lowest common denominator, such as the current/recent move off md5 signed certs.

There is of course a huge benefit in trying to move off the current flat CA trust model, but that is another matter.

// Andreas