Microsoft last week outlined the timetable it will use to drop browser support for sites that secure traffic with SHA-1 certificates, part of an Internet-wide plan to rid the Internet of the weaker encryption.
With the delivery of the
Windows 10 Anniversary Update -- slated to ship sometime this summer -- both Internet Explorer (IE) and Edge will stop displaying a lock icon for sites that reply on a SHA-1 certificate. That icon signals that the bits back and forth between browser and website are encrypted, and so not vulnerable to spying.
But Microsoft and other browser makers -- including Google and Mozilla -- have declared that SHA-1 certificates are unsafe because their encryption was insufficiently strong. Originally, the browser builders had agreed to stop trusting SHA-1-signed certificates on Jan. 1, 2017, but new research last year prompted them to consider a July 1, 2016 deadline.
