On Tuesday, September 27, 2016 at 7:31:30 AM UTC+2, Han Yuwei wrote: > 在 2016年9月26日星期一 UTC+8下午10:21:13,Gervase Markham写道: > > Today, Mozilla is publishing an additional document containing further > > research into the back-dating of SHA-1 certificates, in violation of the > > CAB Forum Baseline Requirements, to avoid browser blocks. It also > > contains some conclusions we have drawn from the recent investigations, > > and a proposal for discussion regarding the action that Mozilla's root > > program should take in response. > > > > Because this document is extensive and contains embedded images, links > > and formatting, I have published it on Google Docs instead of as an > > email message here: > > > > https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/edit > > > > However, this forum is the appropriate place for discussing it. Please > > feel free to cut and paste any parts you wish to quote and comment on. > > > > Gerv > > Seems like we are not able to get a free 1-year certificate. I am very > disappointed about that.
You do realize there's a really good CA called LetsEncrypt? Which easily lets you automate renewal, and is proven VERY trustworthy thus far. I already moved away from startcom just because letsencrypt is way easier to maintain.. https://letsencrypt.org/docs/client-options/ _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy