On 2/23/2016 10:57 AM, Gervase Markham wrote [in part]:
> Mozilla and other browsers have been approached by Worldpay, a large
> payment processor, via Symantec, their CA. They have been transitioning
> to SHA-2 but due to an oversight have failed to do so in time for a
> portion of their infrastructure, and failed to renew some SHA-1 server
> certificates before the issuance deadline of 31st December 2015.
[snipped]
According to Softpedia, Mozilla is the only organization that agreed to
Symantec's request. Microsoft, Google, and others are holding firm on
rejecting SHA-1 certificates. See
<http://news.softpedia.com/news/mozilla-gives-a-security-pass-to-the-people-it-shouldn-t-500986.shtml>.
--
David E. Ross
While many tributes to the late Supreme Court Associate Justice
Antonin Scalia now fill the news media, his legacy was not
necessarily positive. See my "What Price Order, Mr. Justice Scalia?"
at <http://www.rossde.com/editorials/edtl_scalia_wrong.html>.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
