It seems that we are going to untrust SHA-1 generally on July 1, 2016 [1]. Do we already have a bug number for this? I can't find any. I think certificates with 'notAfter >= 2017-7-1' should get a triangle instead of the lock icon from now.
[1] https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/ Am 22.10.2015 um 10:31 schrieb Kurt Roeckx: > On 2015-10-21 22:18, [email protected] wrote: >> There was also a plan for certificates with 'notAfter >= 2017-1-1' >> (still valid in 2017+). >> Chrome already shows a broken https icon for them. >> See https://sha1-2017.badssl.com/ >> >> This was discussed in >> https://bugzilla.mozilla.org/show_bug.cgi?id=942515 > > So my understanding is that with Mozilla's current plan a SHA-1 > certificate with NotBefore < 2016-01-01 (and NotAfter >= 2017-01-01) > will not get any "Untrusted Connection". > > It would be nice that there was some other indication about SHA-1 > certificates other than in the Web Console that nobody will see. > > > Kurt > > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
