- From: Mike West <mkwst@google.com>
- Date: Thu, 23 Oct 2014 15:41:06 +0200
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: WebAppSec WG <public-webappsec@w3.org>
Received on Thursday, 23 October 2014 13:41:55 UTC
Chrome will need to implement something in Q1 as part of the SHA-1 deprecation, as outlined here: http://googleonlinesecurity.blogspot.de/2014/09/gradually-sunsetting-sha-1.html. Firefox might be in a similar position? -mike -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) On Thu, Oct 23, 2014 at 3:35 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Thu, Oct 23, 2014 at 3:32 PM, Mike West <mkwst@google.com> wrote: > > Chrome simply refuses to connect to anything it considers weak or > > deprecated, which simplifies the mixed content logic dramatically. > > Right, you can just check for "https" / "wss". Is there a browser that > does not follow this approach? > > > -- > https://annevankesteren.nl/ >
Received on Thursday, 23 October 2014 13:41:55 UTC