On 3/22/16 10:14 PM, Charles Reiss wrote:
On 03/22/16 16:33, [email protected] wrote:
The following 'ACTION #1c' has been added to the communication, which
is here: https://wiki.mozilla.org/CA:Communications#March_2016 and
click on "Link to DRAFT of March 2016 CA Communication".
With the current wordings of #1a and #1b, if
- a CA has both the email and websites trust bits; and
- their last SHA-1 S/MIME certificate {was issued,expires} later than
their last SHA-1 TLS server certificate,
then they should give the TLS date. Is this intentional?
Yes, that is intentional. For #1a and #1b I would like to know the TLS
date, because it might influence our decisions in regards to when we
make some changes in Firefox regarding SHA-1.
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
