On Wed, Feb 24, 2016 at 7:55 PM, Peter Gutmann <[email protected]> wrote:
> [email protected] <[email protected]> writes: > > >While we are disappointed that a critical part of the Internet > >infrastructure is holding back an increase in security, we believe that > >this allowance strikes an acceptable compromise between minimizing > >disruption and risk and encouraging migration away from SHA-1 as fast as > >possible. > > I'd still really like to know the details of what happened here. As I've > pointed out to others off-list, it's not to assign blame but to learn from > it so that others won't make the same mistake in similar situations in the > future. > I would as well, and I would also be interested in what Worldpay is doing to migrate to SHA-2. Hopefully they or Symantec can comment here. --Richard _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
