SP entityID from multiple metadata sources
Cantor, Scott
cantor.2 at osu.edu
Thu May 7 15:22:58 EDT 2015
On 5/7/15, 3:07 PM, "Paul Engle" <pengle at rice.edu> wrote:
>
>Oh no, I know it's not required. But we're going to have to dump the
>SHA1 certs eventually. And it's a lot easier to get people to understand
>possible disruption because we're doing a major upgrade of the software
>than to try to explain the vagaries of encryption technologies to them
>later on.
It's somewhat risky either way because it tends to create FUD around the change (look at this mess V3 has caused), but that aside, Shibboleth per se does not use SHA-1 in those certs; it's meaningless. Obviously other software does. But you can avoid a good amount of impact by reusing the same key and just changing the certificate.
-- Scott
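
The key reuse described in the reply above, as an added example that is not part of the original message or of Shibboleth's own tooling: it reissues a self-signed certificate with a SHA-256 signature from an existing key using plain `openssl`, then checks that the old and new certificates carry the same public key. The file names, the subject `/CN=sp.example.org` and the validity periods are assumptions, and the "old" certificate is a constructed stand-in.

```shell
#!/bin/sh
# Added example: file names, subject and validity periods are assumptions.

# SHA-256 digest of the public key carried in a certificate.
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Signature algorithm named in a certificate.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ {print $2; exit}'
}

# Issue a new self-signed, SHA-256-signed certificate from an existing key.
# Args: private key file, subject, output certificate file.
reissue_cert() {
    openssl req -new -x509 -sha256 -key "$1" -subj "$2" -days 3650 -out "$3"
}

# Succeeds only if both certificates carry the same public key.
same_key() {
    [ "$(cert_pubkey_digest "$1")" = "$(cert_pubkey_digest "$2")" ]
}

# Constructed demo: throwaway key and stand-in "old" certificate in a temp dir.
demo() {
    demo_dir=$(mktemp -d)
    openssl genrsa -out "$demo_dir/sp-key.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$demo_dir/sp-key.pem" \
        -subj "/CN=sp.example.org" -days 365 -out "$demo_dir/sp-cert-old.pem"
    reissue_cert "$demo_dir/sp-key.pem" "/CN=sp.example.org" "$demo_dir/sp-cert-new.pem"
    if same_key "$demo_dir/sp-cert-old.pem" "$demo_dir/sp-cert-new.pem"; then
        echo "same key, new signature: $(cert_sig_alg "$demo_dir/sp-cert-new.pem")"
    else
        echo "public key changed"
    fi
    rm -rf "$demo_dir"
}

demo
```

Relying parties that pin or compare the key rather than the whole certificate see no change after this; those that compare the full certificate still need the new one.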