There was also a plan for certificates with 'notAfter >= 2017-1-1' (still valid in 2017+). Chrome already shows a broken https icon for them. See https://sha1-2017.badssl.com/
This was discussed in https://bugzilla.mozilla.org/show_bug.cgi?id=942515 Am 21.10.2015 um 10:17 schrieb Kurt Roeckx: > On 2015-10-20 20:39, Kathleen Wilson wrote: >> - We are re-evaluating when we should start rejecting all SHA-1 SSL >> certificates (regardless of when they were issued). As we said before, >> the current plan is to make this change on January 1, 2017. However, in >> light of recent attacks on SHA-1, we are also considering the >> feasibility of having a cut-off date as early as July 1, 2016. > > I'm all for moving away from it as soon as possible. But from what I > understand the SHAppening is no reason to panic yet, so I currently > don't see a reason to change the schedule. > > > Kurt > > > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
