I think you may have buried the lede a little bit here, Rick :-)
The questions are:
* Does NSS correctly handle the case where a SHA-1 root signs a SHA-2
CRL or OCSP response?
* Which version of Firefox first supported SHA-2?
I believe the answer to the first question is Yes; NSS doesn't
This discussion started in the CA/Browser Forum public list; I'm moving it here
at Gerv's suggestion.
Mozilla recently posted its SHA-1 policy here:
https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/.
This blog is helpful, but not
2 matches
Mail list logo