Re: A couple of questions and concerns about Emacs network security

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A couple of questions and concerns about Emacs network security

From:	Jimmy Yuen Ho Wong
Subject:	Re: A couple of questions and concerns about Emacs network security
Date:	Mon, 25 Jun 2018 18:20:55 +0100

However, the thing that's protecting against (a SHA1 intermediate
certificate (oops, I see I've called it "intermediary" in the code and
doc; I'll fix that now)) is, I seem to remember, now being considered a
realistic attack (i.e., you can generate valid-looking fake certificates
based on one).

Or do I misremember? I tried googling now, and I couldn't find anybody
actually achieving that yet...

It's all about collisions[1], it's mostly a precaution, as no one has found an actual collistion for a cert yet, but Google has found collision for PDF last year [2].

[1]: https://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html

[2]: https://shattered.io/

[Prev in Thread]

Current Thread

[Next in Thread]

Re: A couple of questions and concerns about Emacs network security, (continued)

Prev by Date: Re: auto-complete popup is broken on master
Next by Date: Re: A couple of questions and concerns about Emacs network security
Previous by thread: Re: A couple of questions and concerns about Emacs network security
Next by thread: Re: A couple of questions and concerns about Emacs network security
Index(es):
- Date
- Thread