<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 18, 2016 at 4:37 PM, Gervase Markham <span dir="ltr"><<a href="mailto:gerv@mozilla.org" target="_blank">gerv@mozilla.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">On 18/10/16 16:35, Ryan Sleevi wrote:<br>
> On Tue, Oct 18, 2016 at 4:34 PM, Dean Coclin via Public<br>
</span><span class="gmail-">> <<a href="mailto:public@cabforum.org">public@cabforum.org</a> <mailto:<a href="mailto:public@cabforum.org">public@cabforum.org</a>>> wrote:<br>
><br>
>     While I'm not the technical expert here, assuming we could, wouldn't<br>
>     they<br>
>     then need to undergo the 10 day eval period?<br>
><br>
> Yes<br>
<br>
</span>And wouldn't that push the date past the expiry date of their existing<br>
certs?<br></blockquote><div><br></div><div>Unfortunately, potentially so. But I don't think it would be appropriate to be granting even further exceptions to an inability to follow a policy announced months ago, for the same moral hazard reason of allowing exceptions beyond Dec 31, 2016, when it's spelled out at <a href="https://github.com/awhalley/docs-for-comment/blob/master/SHA1RequestProcedure.MD#existing-certificate-information">https://github.com/awhalley/docs-for-comment/blob/master/SHA1RequestProcedure.MD#existing-certificate-information</a></div></div><br></div></div>