On 2/23/2016 10:57 AM, Gervase Markham wrote [in part]: > Mozilla and other browsers have been approached by Worldpay, a large > payment processor, via Symantec, their CA. They have been transitioning > to SHA-2 but due to an oversight have failed to do so in time for a > portion of their infrastructure, and failed to renew some SHA-1 server > certificates before the issuance deadline of 31st December 2015.
[snipped] According to Softpedia, Mozilla is the only organization that agreed to Symantec's request. Microsoft, Google, and others are holding firm on rejecting SHA-1 certificates. See <http://news.softpedia.com/news/mozilla-gives-a-security-pass-to-the-people-it-shouldn-t-500986.shtml>. -- David E. Ross While many tributes to the late Supreme Court Associate Justice Antonin Scalia now fill the news media, his legacy was not necessarily positive. See my "What Price Order, Mr. Justice Scalia?" at <http://www.rossde.com/editorials/edtl_scalia_wrong.html>. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy