On Mon, Dec 2, 2013 at 6:47 AM, Jürgen Brauckmann <[email protected]> wrote: > With the current de-facto end-of-life-date for sha1-based Sub-CA > certificates it can be necessary to renew signatures on existing Sub-CA > certificates with sha2WithRSAEncryption with identical issuance > dates/public keys.
Why? Could you please explain what problem would be created if the renewed certificates had a different (later) notBefore time? Thanks, Brian -- Mozilla Networking/Crypto/Security (Necko/NSS/PSM) _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
