This is a bandwagon we ought to hop on. See https://technet.microsoft.com/en-us/security/advisory/2880823

> Executive Summary
>
> Microsoft is announcing a policy change to the Microsoft Root
> Certificate Program. The new policy will no longer allow root
> certificate authorities to issue X.509 certificates using the
> SHA-1 hashing algorithm for the purposes of SSL and code signing
> after January 1, 2016. Using the SHA-1 hashing algorithm in
> digital certificates could allow an attacker to spoof content,
> perform phishing attacks, or perform man-in-the-middle attacks.
>
> Recommendation: Microsoft recommends that certificate authorities
> no longer sign newly generated certificates using the SHA-1 hashing
> algorithm and begin migrating to SHA-2. Microsoft also recommends
> that customers replace their SHA-1 certificates with SHA-2
> certificates at the earliest opportunity.

-Dan Veditz
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
