RE: Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Peter Gutmann
Dean Coclin writes: >According to WP, as part of the EMV program, they are aggressively rolling >out new devices to replace all old equipment in the field. They expect this >to be completed by the end of the year. They have already moved a large >number of devices to

Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Dean Coclin
What CA(s) would Symantec use as the issuer for the certificates?The same one they've been using and know works: VeriSign Class 3 International Server CA - G3.>>Dean, are you sure about that? Rob-Yes I am. I am sure that we will be using that CA to satisfy this request because we know it works.

Re: NEW Certificate Manager Add-on

2016-02-25 Thread Kathleen Wilson
On 2/12/16 11:08 PM, David E. Ross wrote: On 2/12/2016 1:34 PM, Kathleen Wilson wrote: Thanks to a group of students at Rose-Hulman Institute of Technology for creating a Certificate Manager Add-on for their senior project! I've been using it for a couple months now, and I like it much better

Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Brian Smith
Gervase Markham wrote: > On 23/02/16 18:57, Gervase Markham wrote: > > Mozilla and other browsers have been approached by Worldpay, a large > > payment processor, via Symantec, their CA. They have been transitioning > > to SHA-2 but due to an oversight have failed to do so in

Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Gervase Markham
On 23/02/16 18:57, Gervase Markham wrote: > Mozilla and other browsers have been approached by Worldpay, a large > payment processor, via Symantec, their CA. They have been transitioning > to SHA-2 but due to an oversight have failed to do so in time for a > portion of their infrastructure, and

Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Rob Stradling
On 25/02/16 00:11, rbar...@mozilla.com wrote: Hey all, Thanks to everyone for the robust discussion here. Gerv, Kathleen and I have discussed and decided that Mozilla will allow a qualification due to issuance of SHA-1 certificates, subject to the following conditions: Do we know if the

Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Rob Stradling
For each of the 7 servers that I can reach, "Class 3 Public Primary Certification Authority" is the issuer of the final cert in the chain. What proportion of the WorldPay terminals trust the (yanked) "Class 3 Public Primary Certification Authority" root? Is this the ~90%? If so, then the