[cabfpub] SHA1 options for payment processors

Gervase Markham gerv at mozilla.org
Thu Mar 10 17:07:45 UTC 2016

Mozilla agrees with Ryan that it is not acceptable for us to produce
some generic solution such that CAs can go away and start re-issuing
SHA-1 certs at will for their customers.

We feel that any company coming forward to ask for an exception should
request it on its own merits. And so in order to discuss this further,
we need such a company to come forward (as WorldPay did) so the problem
can be discussed in concrete terms.


More information about the Public mailing list