On 29/11/13 10:13, Samuel L wrote: > I suppose that this requirement is specifically targeted at CA's that > could try to "cheat" deadlines such as Microsoft's recent announcement > on forbiding CA's to issue SHA-1 certs after the 1st of January, 2015 ?
1st January 2016, actually. Yes, that kind of thing. Or dodging any code we might implement for https://bugzilla.mozilla.org/show_bug.cgi?id=942515 ("stop accepting SHA-1-based SSL certificates with notBefore >= 2014-03-01 and notAfter >= 2017-01-01") Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
