Microsoft publicly deprecated SHA-1 as a valid SSL certificate signature algorithm in Nov 2013: http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx
And just a week ago, Chrome announced their SHA-1 deprecation window: https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/2-R4XziFc7A/YO0ZSrX_X4wJ Firefox has an open bug about the issue, and seems supportive of it -- https://bugzilla.mozilla.org/show_bug.cgi?id=942515 -- but this is a hard thread to follow, and does not constitute an announcement on Mozilla's part. It feels like a good time to kick SHA-1 -> SHA-2 migration into high gear, since it'll take a while. Will Mozilla plan to announce something? -- Eric -- konklone.com | @konklone <https://twitter.com/konklone> _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
