I was going to suggest 4) in particular.
* We can't realistically turn off MD5 support today in a shipping
browser, but will want to as the current certs expire or are replaced.
* Some concerned users will appreciate the ability to be more cautious
in the meanwhile. Assuming they know how to set this option they
know how to unset it should they encounter a site they really have
to visit. This will be a hard failure; users can't add an exception
for certs invalid for this reason, right?
* SHA1 may someday fall to a similar attack. The NIST has started
the process to define a SHA-3 so they must expect SHA-2 to fail
eventually as well.
If we disallow MD2 (which IMO we should) what happens to the roots that are self-signed using MD2? A couple of them expire soon anyway but this might clean out the rest.