I am, indeed, receiving this question from multiple CAs. As for responding to the survey, note that Action #1a and Action #1b ask for dates regarding SHA-1 SSL certs (unless their included root certs do not have the Websites trust bit set).
"ACTION #1a: ... Please enter the last date that a SHA-1 based TLS/SSL certificate was issued that chained up to your root certificates included in Mozilla's program. ..." "ACTION #1b: ... Enter the date when all of the SHA-1 based TLS/SSL certificates that chain up to your root certificates included in Mozilla's CA Certificate Program will either expire or be revoked. ..." ACTION #1c is where CAs should provide information about their plans regarding SHA-1 S/MIME certificates, and any other types of SHA-1 certificates still being issued that chain up to the CA's included root certificates. I will greatly appreciate your input as to what would be reasonable expectations for CAs in regards to SHA-1 S/MIME certificates. Thanks, Kathleen _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
