On 30/01/17 19:16, Bruce Morton wrote:
> Can you provide some clarification on how this will be
It will become part of our Root Store Policy (probably with an
> What would be good to know is if the CA does not
> comply to the new Mozilla SHA-1 restrictions is this a policy
> compliance issue or will this mean the certificate issued will not be
> trusted by Firefox?
It would be a compliance issue. Newer versions of Firefox are moving to
not trust SHA-1 certificates at all anyway. Of course, this doesn't
affect people still using old versions, and it doesn't affect email, and
it doesn't consider the effects on the broader ecosystem of continued
SHA-1 use. All of these mean that a policy-based approach is appropriate
in addition to a technical one.
Public mailing list