On Fri, Feb 26, 2016 at 11:32 AM, <[email protected]> wrote:

> On Thursday, February 25, 2016 at 10:06:50 PM UTC-5, Peter Gutmann wrote:
> > Dean Coclin writes:
>
> I think Symantec and Mozilla are doing the right thing.  Nobody is asking
> to extend the 1/1/2017 SHA-1 deprecation date.  World Pay could have SHA-1
> certificates that expire on 12/31/2016 if they had planned ahead a little
> better.  They "just" want a few SHA-1 certificates after the 1/1/2016 date,
> and with a strong serial number and a known customer, I don't see any
> security issues.
>
> I hope the same courtesy is afforded to other high profile customers and
> their CA should the need arise.
>

As was suggested in our earlier communications, we will handle these on a
case-by-case basis.  CAs and customers who think they might have a need
should obviously come forward as soon as possible.

--Richard
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
