[cabfpub] Ballot 152 - Issuance of SHA-1 certificates through 2016

Gervase Markham gerv at mozilla.org
Wed Oct 14 21:20:57 UTC 2015

On 14/10/15 22:03, Geoff Keating wrote:
> so this would change the second paragraph to say ‘Effective 1 January
> 2016, CAs MUST NOT…’, correct?  But that’s pointless, because the first
> paragraph already says that.

No; the proposed provision is about when the cert _expires_, not about
when it was issued. The first paragraph talks about when you can issue;
the second talks about when the certs you do issue can expire. So
updating the second in the way I (and you) describe does not make it
like the first.


More information about the Public mailing list