On 29/09/16 19:52, Dean Coclin wrote: > In accordance with the SHA-1 Exception Request procedure, we hereby submit > the attached request on behalf of our client.
After consideration, Mozilla grants an exception for the issuance of SHA-1 certificates, with the condition that they expire not after December 31st 2016, in line with the policy Google drafted. We accept there is a case to be made that duration does not directly affect risk of issuance, but it affects risk of ongoing use, and it affects the issue of moral hazard and fairness to other companies. Mozilla's public purpose is to make the Internet a better place for everyone, and that includes citizens whose credit card data passes across it. We are saddened that various payment card industry standards do not seem to put as high a value on the security of users' data as the Internet community does. Thanks to First Data for their honest answers to the questions put. Gerv _______________________________________________ Public mailing list Public@cabforum.org https://cabforum.org/mailman/listinfo/public