On 07/11/16 15:34, Doug Beattie wrote: > I'd prefer a requirement for long serial numbers over a total ban on > SHA-1 Sub CAs. The BRs state 112 bits of entropy, so I'd recommend > using that for non BR certificates (assuming client applications > don't have issues with that).
Can you list some of the uses you'd still like to use SHA-1 in publicly-trusted hierarchies for? Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
