On 30/01/17 19:16, Bruce Morton wrote: > Can you provide some clarification on how this will be > implemented/imposed?
It will become part of our Root Store Policy (probably with an implementation deadline). > What would be good to know is if the CA does not > comply to the new Mozilla SHA-1 restrictions is this a policy > compliance issue or will this mean the certificate issued will not be > trusted by Firefox? It would be a compliance issue. Newer versions of Firefox are moving to not trust SHA-1 certificates at all anyway. Of course, this doesn't affect people still using old versions, and it doesn't affect email, and it doesn't consider the effects on the broader ecosystem of continued SHA-1 use. All of these mean that a policy-based approach is appropriate in addition to a technical one. Gerv _______________________________________________ Public mailing list Public@cabforum.org https://cabforum.org/mailman/listinfo/public