Hello, The following certificates are using the SHA-1 signature algorithm. They will all be valid for approximately three months in 2018, as none have been revoked thus far.
https://crt.sh/?id=62407589&opt=cablint https://crt.sh/?id=62416636&opt=cablint https://crt.sh/?id=62423790&opt=cablint https://crt.sh/?id=62423799&opt=cablint https://crt.sh/?id=62423818&opt=cablint https://crt.sh/?id=62423833&opt=cablint https://crt.sh/?id=62423686&opt=cablint https://crt.sh/?id=62423690&opt=cablint Based on the information contained within the subject, they appear to be involved in OCSP responder signing. The BR states "CAs MUST NOT issue OCSP responder certificates using SHA‐1 (inferred)." by 2017-01-01. I am not sure if this applies, as all of these certificates were entered to CT logs on 2016-12-12. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy