Hacker News new | past | comments | ask | show | jobs | submit login

After reading that blog post from Microsoft, I believe even stronger now that Google is approaching this carelessly. Microsoft announced this almost a year ago and yet the blog post reads that they are giving until January 1st 2017 until they will stop accepting SHA-1 certs. Google announced this today and starting in 22 days they will be showing a Yellow Lock on my certificate just because the cert is set to expire AFTER January 1st, 2017. That is very different approaches!



Presumably the thinking is that certs shouldn't be issued with a validity more than a year or two. So certs expiring 2017 shouldn't be issued before 2015 or 2016… plenty of time for people to start issuing newer certs with stronger hashing. And if they don't… it's just a small visual warning, for now. Other than not getting this started sooner, it seems fine to me.


> small visual warning

The post says that in Chrome 41 (Q1 2015) the https will display in red with a strikethrough, which is more than a small visual warning.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: