On 2017-05-15 13:40, Gervase Markham wrote:
* (Q13) Many CAs plan to stop issuing SHA-1 S/MIME by the end of this
year. CAs without a firm date are: Comodo, GlobalSign, SECOM, TWCA, and
Visa. A couple of these CAs hint that an industry deadline to stop would
help their customers see the need to migrate.
So is this something we can work on?
I think Thunderbird probably doesn't have enough market share to
actually do something with this, so maybe this is more something for
Microsoft?
The preferred changed would be to require both the certificates and the
message itself to be signed with SHA-2.
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
