SHA1 certificates for secure SSL/TLS communications are deprecated due to known computational vulnerabilities. To ensure secure communications, a forced deprecation sounds reasonable (i.e. refuse to connect to these). That has the side effect that it will lock out many users who are unable to use stronger hashes such as SHA256. However, if a fallback to SHA1 is provided (as Facebook is proposing), everyone will be vulnerable to SHA1 downgrade man-in-the-middle attacks.
What to do?
(Score: 2) by RamiK on Friday December 11 2015, @07:38PM
IPsec has SHA1 as well.
compiling...
(Score: 1, Interesting) by Anonymous Coward on Friday December 11 2015, @08:11PM
Dammit. Sounds like MD5 all over again.
To this day, POP, SMTP, SIP (possibly a stretch to include this one), PPPoE all use MD5 hashing as their strongest form of authentication.
(Score: 0) by Anonymous Coward on Saturday December 12 2015, @02:51AM
That is just not true for at least some of the protocols you cited. For example, SMTP can use any registered SASL. There are many different versions, including SCRAM-SHA-256, that do not have MD5 be their strongest form.
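Added example, not part of the thread: a client-side policy check that reads the SASL mechanisms an SMTP server advertises in its EHLO reply and refuses to authenticate when only MD5-based mechanisms remain, which is the same fallback trade-off the summary describes for SHA1. The EHLO replies, host name and function names are constructed for illustration; the policy ranks only the hash-based mechanisms and ignores PLAIN/LOGIN.

```python
import re

# IANA-registered SASL mechanism names, strongest first.
STRONG = ["SCRAM-SHA-256", "SCRAM-SHA-1"]
MD5_BASED = ["DIGEST-MD5", "CRAM-MD5"]

# Constructed sample replies (not captured from a real server).
MODERN_REPLY = """250-mail.example.test
250-SIZE 35882577
250-AUTH SCRAM-SHA-256 SCRAM-SHA-1 CRAM-MD5 PLAIN
250 8BITMIME"""

# Same server as seen when the advertised list has been cut down in transit.
STRIPPED_REPLY = """250-mail.example.test
250-AUTH CRAM-MD5
250 8BITMIME"""


def parse_auth_mechanisms(ehlo_reply: str) -> list[str]:
    """Collect mechanisms from every AUTH line of a multi-line EHLO reply.

    Accepts both "250-AUTH ..." and the legacy "250-AUTH=..." form.
    """
    mechs = []
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)$", line.strip(), re.IGNORECASE)
        if not m:
            continue
        for name in m.group(1).split():
            name = name.upper()
            if name not in mechs:
                mechs.append(name)
    return mechs


def choose_mechanism(ehlo_reply: str, allow_md5: bool = False):
    """Return the mechanism to use, or None when policy refuses to authenticate."""
    offered = parse_auth_mechanisms(ehlo_reply)
    for mech in STRONG:
        if mech in offered:
            return mech
    if allow_md5:  # the "fallback" switch: accepts whatever weak option is left
        for mech in MD5_BASED:
            if mech in offered:
                return mech
    return None


if __name__ == "__main__":
    for label, reply in (("modern", MODERN_REPLY), ("stripped", STRIPPED_REPLY)):
        print(label, choose_mechanism(reply), choose_mechanism(reply, allow_md5=True))
```

With the fallback enabled, the stripped reply is accepted at MD5 strength even though the same server offers SCRAM-SHA-256 in the untouched reply; with it disabled, the client refuses rather than downgrading.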