On 21/11/16 20:29, Myers, Kenneth (10421) wrote: > I've been trying to stay on top of the SHA-1 phase-out discussion but > lost track. Where did it leave off?
I drafted a potential update to Mozilla's policy which was discussed here, and has now moved to the CAB Forum public list for further discussion. > I think I saw something of doing a ban at the browser level to not > trust the SHA-1 algorithm. Is this possible? Mozilla will be doing that in January 2017. https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
