> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf > Of Viktor Dukhovni > Sent: Monday, July 10, 2017 13:24 > To: openssl-users@xxxxxxxxxxx > Subject: Re: Rejecting SHA-1 certificates > > On Mon, Jul 10, 2017 at 08:19:11PM +0200, Niklas Keller wrote: > > > > What's your threat model, and how does it justify this effort? > > > > The same as for browsers I guess. Could you explain why browsers and > Java > > disable SHA1, but it's not worth for me doing so? > > The browsers and Java do this because they can (they control the > underlying libraries) and in order to prod the CAs into action, > and to force server operators to move to SHA2. That, and PR. Google has Chrome deprecate SHA-1, so they can wave the security flag. Then everyone else has to follow suit to prove they're equally concerned with security. Security is always about economics. Deprecating SHA-1 is cheap for the major browsers; there's a small development cost and some irritation to users, but if all the major browsers do it, then the latter becomes an externality - it's not going to cost the browsers any market share. And while it doesn't have a lot of value, as Viktor pointed out, it does prod CAs and server owners to update now, before there's any real threat. So there's some return - enough to justify their investment. For the vast majority of OpenSSL-based applications, the higher cost is not justified by the lower return. We've already noted why the cost is higher. The return is lower because most OpenSSL-based applications are much less prominent than browsers, so fewer people will notice (thus there's less PR and industry-prodding benefit) and less risk of some wildly well-resourced attacker trying to forge a certificate (assuming that's even feasible, given the constraints of the format). More generally, making security decisions without understanding your threat model and at least estimating the cost/benefit ratio is a Bad Thing. It's stabbing in the dark. And it's critical to include the opportunity cost - could those resources be put to better use, such as finding and fixing more realistic vulnerabilities? Michael Wojcik Distinguished Engineer, Micro Focus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
