On 9/1/2016 6:13 PM, Matt Palmer wrote: > You might want to let them know it's time to get new certs. > > - Matt We did inform all subscribers back in October 2014 that SHA-1 SSL server cert was CEASED since 1 January 2016, and reminded each of them individually that SHA-1 SSL server cert will no longer be trusted by browsers starting from 1 January 2017. Some of them might have replaced their SHA-1 SSL server cert by new cert (either from us or other CA, I don't know), without letting us know to revoke their SHA-1 SSL server cert. Some of them might want to keep using their SHA-1 SSL server cert until its expiry, which is still well before the well-known deadline 1 January 2017. I believe that their rights to use SHA-1 SSL server cert before deadline should not be affected.
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
