On Thursday, February 25, 2016 at 10:06:50 PM UTC-5, Peter Gutmann wrote: > Dean Coclin writes:
I think Symantec and Mozilla are doing the right thing. Nobody is asking to extend the 1/1/2017 SHA-1 deprecation date. World Pay could have SHA-1 certificates that expire on 12/31/2016 if they had planned ahead a little better. They "just" want a few SHA-1 certificates after the 1/1/2016 date, and with a strong serial number and a known customer, I don't see any security issues. I hope the same courtesy is afforded to other high profile customers and their CA should the need arise. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
