On Wed, Aug 17, 2016 at 10:22:13AM +0200, Kurt Roeckx wrote: > On 2016-08-17 00:23, Ryan Sleevi wrote: > >Practically speaking, what steps could be taken? > > 6) Ask them to immediately stop issuing SHA-1 based certificates that chain > back to any of the root certificates in the Mozilla root store, and revoke > the one they shouldn't have issued. If they fail to comply distrust all > their certificates.
Didn't they already get asked to do that? - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy