On Wed, 2021-07-14 at 14:13 -0400, Paul Wouters wrote:
> On Mon, 12 Jul 2021, Simo Sorce wrote:
> 
> > > SQLite is a general-purpose tool.  Not every use of SHA-1 is
> > > cryptographically relevant.  Most uses in the context of SQLite probably
> > > aren't, so the removal just annoys users for no good reason.
> > 
> > Note that this is a Sqlite decision, from RHEL engineering we only
> > requested the removal in digital signatures and where integrity
> > protection is required for security.
> > Also note that we do not require full removal, just that SHA-1 is not
> > used unless users intentionally change configuration.
> 
> How does this affect users of NSS who have created "default" databases,
> eg using certutil -N ?  Do these use SHA1? If so, can they be migrated
> to SHA2?  Automatically ?

I do not think this feature is used by NSS, CCing Bob.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc



_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to