On 30 January 2018 at 10:16, Mark Smith <mcs@pearlcrescent.com> wrote:
- #13379: probably "no uplift" (for now at least). At any rate we'd need to investigate first what we still need to carry over to ESR 60 here, given that https://bugzilla.mozilla.org/show_bug.cgi?id=1105689 got fixed.
Agreed on "no uplift" but note that in 1105689 Mozilla went with SHA384 instead of SHA512 (it seems there are security reasons for that choice). We could switch to SHA384 but we will need to think through the migration issues.
There is no real security benefit to 384 over 512; the folks who picked 384 figured "Well maybe length-extension-resistance is valuable" - but it's not.
-tom