In reply to comment 17,
This patch affects code that is not inside of the FIPS boundary.
I think that if One browser unilaterally disables MD5, and other browsers
do not, in the short term, it will merely drive users to other browsers.
So, it seems best (IMO) for the browsers to act together in concert on this.
I think that's feasible. The different browsers have been remarkably
cooperative in this area, especially within the CA-Browser forum.
But this begs some questions about older browsers.
Will we update FF2?
Will we expect MS to update IE6?
In reply to comment 17,
This patch affects code that is not inside of the FIPS boundary.
I think that if One browser unilaterally disables MD5, and other browsers
do not, in the short term, it will merely drive users to other browsers.
So, it seems best (IMO) for the browsers to act together in concert on this.
I think that's feasible. The different browsers have been remarkably
cooperative in this area, especially within the CA-Browser forum.
But this begs some questions about older browsers.
Will we update FF2?
Will we expect MS to update IE6?