Re: F37 Proposal: Strong crypto settings: phase 3, forewarning 1/2 (System-Wide Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, May 1, 2022 at 12:14 PM Dan Čermák <dan.cermak@xxxxxxxxxxxxxxxxxxx> wrote:

They are going to break things, but Ubuntu 22.04 deprecated SHA1
signatures already, so it's very likely that a good chunk of the fallout
will be cleared by the time Fedora 38 and 39 ship.


In a similar (parallel) discussion related to future RHEL, it has been found this change also breaks resolution of many DNSSEC-secured domains which are still using SHA1 signatures. It is impossible to know how long it will be before those domains upgrade to better signatures, and at the moment it's rather challenging for resolvers to be able to determine that the resolution failure was caused by local policy instead of an actual invalid signature.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux