[193887] in North American Network Operators' Group
Re: SHA1 collisions proven possible
daemon@ATHENA.MIT.EDU (Royce Williams)
Thu Mar 2 00:29:25 2017
In-Reply-To: <282798BA-220B-48D9-8800-AF1C5BF0131E@hexhost.net>
From: Royce Williams <royce@techsolvency.com>
Date: Wed, 1 Mar 2017 20:25:18 -0900
To: "nanog@nanog.org list" <nanog@nanog.org>

On Wed, Mar 1, 2017 at 7:57 PM, James DeVincentis via NANOG
<nanog@nanog.org> wrote:

[ reasonable analysis snipped :) ]

> With all of these reasons all wrapped up. It clearly shows the level of hype around this attack is the result of sensationalist articles and clickbait titles.

I have trouble believing that Sleevi, Whalley et al. spent years
championing the uphill slog of purging the global web PKI
infrastructure of SHA-1 to culminate in a flash-in-the-pan clickbait
party.

Instead, consider how long it has historically taken to pry
known-to-be-weak hashes and crypto from entrenched implementations.

If this round of hype actually scares CxOs and compliance bodies into
doing The Right Thing in advance ... then the hype doesn't bother me
in the slightest.

Royce