[cabfpub] Posted on behalf of customer

Gervase Markham gerv at mozilla.org
Fri Dec 16 15:22:53 UTC 2016

On 16/12/16 14:36, Tim Shirley wrote:
> Only if they were issued in 2016.  As of January 16, 2015 the BRs
> said CAs SHOULD NOT issue SHA-1 certificates valid after 1/1/17, but
> it was not fully prohibited until 1/1/16.

Yes, you are correct. The opportunity for the far-sighted to obtain the
certs they needed extended until the end of 2015, not the end of 2014.
The actual prohibitions on or UI warnings against such certificates were
encoded directly in browsers, not in the BRs.


More information about the Public mailing list