On 12/11/13 23:20, Daniel Veditz wrote: > This is a bandwagon we ought to hop on. See > https://technet.microsoft.com/en-us/security/advisory/2880823
Microsoft were kind enough to make us aware of this move in advance. We are certainly supportive. Here's one bit of hopping: http://blog.gerv.net/2013/11/microsoft-mortally-wounds-sha-1/ We could update our program requirements to be identical to theirs, but the effect on actual CA operations would be fairly small, I fancy - because they are all doing it anyway. Is that what you are suggesting, or something else? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy