[cabfpub] Posted on behalf of customer

Tim Shirley TShirley at trustwave.com
Fri Dec 16 14:36:34 UTC 2016

On 12/16/16, 9:27 AM, "Public on behalf of Gervase Markham via Public" <public-bounces at cabforum.org on behalf of public at cabforum.org> wrote:

>    Well, _everyone's_ SHA-1 certificates which were issued in 2015 or 2016
>   and which are part of the WebPKI expire at the latest on December 31st
>  2016. (If that's not so, you should point out those certs, as they were
>   issued in violation of the BRs and root program requirements.)

Only if they were issued in 2016.  As of January 16, 2015 the BRs said CAs SHOULD NOT issue SHA-1 certificates valid after 1/1/17, but it was not fully prohibited until 1/1/16.


This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

More information about the Public mailing list