Facebook wants a kinder, gentler end for SHA-1
Graceful migration would help the other three billion
Facebook has broken ranks with the world's major browser vendors, asking that the ancient SHA-1 has algorithm go out with a whimper rather than a bang.
As has been predicted for some years, computing power has long since caught up with SHA-1, and today's best practice is to replace it with SHA-256.
Microsoft, Mozilla and Google have all either retired it already, or set down dates for its deprecation.
However, Facebook's Alex Stamos argues here that too hard a cut-off will harm users in developing countries.
Stamos says between 3 and 7 per cent of browsers in use can't handle SHA-256, and since these are disproportionately in developing countries, “the likely outcome in those counties will be a serious backslide in the deployment of HTTPS”.
He says Facebook has been experimenting with a graceful fallback, so that if a user agent can't cope with SHA-256 it can still connect.
The solution is based on a TLS “termination edge” that supports certificate switching: if the browser can only handle SHA-1, it still gets an HTTPS connection, but for newer browsers the connection will use SHA-256.
“We should be investing in privacy and security solutions for these people, not making it harder for them to use the Internet safely”, Stamos writes.
To make this approach more broadly available, Facebook wants the CA/Browser Forum to create what Stamos calls a “Legacy Verified Certificate”.
A holder of that kind of certificate would be allowed to sign SHA-1 certs, but only if it demonstrates that it supports SHA-256 for modern browsers.
The company has also published the code it uses for certificate switching here, as part of its Proxygen HTTP library. ®