"Failed" might be a bit strong :) We had a temporary setback. Like the blog post says, we're working on more precisely characterizing how widespread and how broken these middleboxes are, before taking steps to re-enable the SHA-1 restrictions. I still think we're on track for turning off SHA-1 entirely (together with the other browsers) sometime around EOY, but obviously there's a bit more uncertainty now.
One thing that has been proposed is to have an exception for local roots, i.e., to let non-default trust anchors continue to use SHA-1 for some more time. What do folks here think about that idea? On Sun, Jan 17, 2016 at 2:19 PM, <[email protected]> wrote: > We failed because of MITM certs: > > https://blog.mozilla.org/security/2016/01/06/man-in-the-middle-interfering-with-increased-security/ > > But you can set security.pki.sha1_enforcement_level manually. > > > Am 16.01.2016 um 00:16 schrieb [email protected]: > > it's early 2016 and wondering if a decision has been made on the dates? > > _______________________________________________ > > dev-security-policy mailing list > > [email protected] > > https://lists.mozilla.org/listinfo/dev-security-policy > > > > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
