SP entityID from multiple metadata sources
Paul Engle
pengle at rice.edu
Thu May 7 15:43:58 EDT 2015
On 5/7/2015 2:22 PM, Cantor, Scott wrote:
> On 5/7/15, 3:07 PM, "Paul Engle" <pengle at rice.edu> wrote:
>>
>> Oh no, I know it's not required. But we're going to have to dump the
>> SHA1 certs eventually. And it's a lot easier to get people to understand
>> possible disruption because we're doing a major upgrade of the software
>> than to try to explain the vagaries of encryption technologies to them
>> later on.
>
> It's somewhat risky either way because it tends to create FUD around the change (look at this mess V3 has caused), but that aside, Shibboleth per se does not use SHA-1 in those certs, it's meaningless. Obviously other software does. But you can avoid a good amount of impact by reusing the same key and just changing the certificate.
>
> -- Scott
>
Now I feel silly for not thinking of that myself. That would simplify
things a great deal. Once again, you've been a great help. Thanks!
-paul
--
Paul D. Engle | Rice University
Sr. Systems Administrator | Information Technology - MS119
(713)348-4702 | PO Box 1892
pengle at rice.edu | Houston, TX 77252-1892
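
What reusing the key while changing only the certificate looks like with the openssl CLI, as an added example that is not part of the original thread. The file names, subject and validity periods are constructed, and the "old" certificate is a stand-in generated on the spot.

```shell
#!/bin/sh
# Added example: re-issue a self-signed SP certificate with SHA-256 over the
# existing private key and confirm the public key is unchanged.

# SHA-256 fingerprint of the public key embedded in a certificate.
cert_pubkey_fp() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 fingerprint of the public half of a private key.
key_pubkey_fp() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Signature algorithm named in the certificate (the part that changes).
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ {print $2; exit}'
}

# reissue_cert KEY OLD_CERT NEW_CERT SUBJECT
# Refuses to proceed unless KEY is the key behind OLD_CERT, so a mix-up
# cannot silently turn a certificate swap into a key rollover.
reissue_cert() {
    key=$1; old=$2; new=$3; subj=$4
    kfp=$(key_pubkey_fp "$key")
    if [ -z "$kfp" ] || [ "$kfp" != "$(cert_pubkey_fp "$old")" ]; then
        echo "key does not match existing certificate; refusing" >&2
        return 1
    fi
    openssl req -new -x509 -key "$key" -sha256 -days 3650 \
        -subj "$subj" -out "$new" || return 1
    [ "$(cert_pubkey_fp "$new")" = "$kfp" ]
}

demo() {
    DEMO_DIR=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$DEMO_DIR/sp-key.pem" 2>/dev/null
    # Stand-in for the certificate currently in metadata (constructed).
    openssl req -new -x509 -key "$DEMO_DIR/sp-key.pem" -days 30 \
        -subj "/CN=sp.example.org" -out "$DEMO_DIR/sp-cert-old.pem"
    reissue_cert "$DEMO_DIR/sp-key.pem" "$DEMO_DIR/sp-cert-old.pem" \
        "$DEMO_DIR/sp-cert-new.pem" "/CN=sp.example.org" &&
        echo "same key, new signature: $(cert_sig_alg "$DEMO_DIR/sp-cert-new.pem")"
}
demo
```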