Presumably the thinking is that certs shouldn't be issued with a validity more t... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

paulannesley on Sept 6, 2014 | parent | context | favorite | on: Gradually sunsetting SHA-1

Presumably the thinking is that certs shouldn't be issued with a validity more than a year or two. So certs expiring 2017 shouldn't be issued before 2015 or 2016… plenty of time for people to start issuing newer certs with stronger hashing. And if they don't… it's just a small visual warning, for now. Other than not getting this started sooner, it seems fine to me.

sophiebits on Sept 6, 2014 [–]

> small visual warning

The post says that in Chrome 41 (Q1 2015) the https will display in red with a strikethrough, which is more than a small visual warning.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact