On 20/03/17 13:07, Peter Bowen wrote: >> E) SHA-1 and S/MIME >> >> Does your CA issue SHA-1 S/MIME certificates? If so, please explain your >> plans for ceasing to do so, and any self-imposed or external deadlines >> you are planning to meet. Mozilla plans to make policy in this area in >> the future, so please explain any facts or constraints which you think >> might be relevant to our considerations. > > Why is this limited to s/mime? It would be highly valuable to > understand if any SHA-1 signatures are being created using keys > trusted to sign server auth certs.
Presumably you mean outside the scope of the BRs? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
