[cabfpub] Posted on behalf of customer

[Gervase Markham]

On 16/12/16 14:36, Tim Shirley wrote:
> Only if they were issued in 2016.  As of January 16, 2015 the BRs
> said CAs SHOULD NOT issue SHA-1 certificates valid after 1/1/17, but
> it was not fully prohibited until 1/1/16.

Yes, you are correct. The opportunity for the far-sighted to obtain the
certs they needed extended until the end of 2015, not the end of 2014.
The actual prohibitions on or UI warnings against such certificates were
encoded directly in browsers, not in the BRs.

Gerv