On Wed, Mar 1, 2017 at 7:57 PM, James DeVincentis via NANOG <nanog@nanog.org> wrote: [ reasonable analysis snipped :) ]
With all of these reasons all wrapped up. It clearly shows the level of hype around this attack is the result of sensationalist articles and clickbait titles.
I have trouble believing that Sleevi, Whalley et al spent years championing the uphill slog of purging the global web PKI infrastructure of SHA-1 to culminate in a flash-in-the-pan clickbait party. Instead, consider how long it has historically taken to pry known-to-be-weak hashes and crypto from entrenched implementations. If this round of hype actually scares CxOs and compliance bodies into doing The Right Thing in advance ... then the hype doesn't bother me in the slightest. Royce