On 2015-10-20 20:39, Kathleen Wilson wrote:
- We are re-evaluating when we should start rejecting all SHA-1 SSL certificates (regardless of when they were issued). As we said before, the current plan is to make this change on January 1, 2017. However, in light of recent attacks on SHA-1, we are also considering the feasibility of having a cut-off date as early as July 1, 2016.
I'm all for moving away from it as soon as possible. But from what I understand the SHAppening is no reason to panic yet, so I currently don't see a reason to change the schedule.
Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
