CA/Forbidden or Problematic Practices: Difference between revisions

Line 107: Line 107:
There are still many end entity certificates that would be impacted if support for SHA-1 based signatures was turned off. Therefore, we are hoping to give CAs time to react, and are planning to turn off support for SHA-1 based signatures in 2017. Note that Mozilla will take this action earlier if needed to keep our users safe.
There are still many end entity certificates that would be impacted if support for SHA-1 based signatures was turned off. Therefore, we are hoping to give CAs time to react, and are planning to turn off support for SHA-1 based signatures in 2017. Note that Mozilla will take this action earlier if needed to keep our users safe.


CA should not be issuing new SHA-1 certificates, and should be migrating their customers off of SHA-1 intermediate and end-entity certificates.
CAs should not be issuing new SHA-1 certificates, and should be migrating their customers off of SHA-1 intermediate and end-entity certificates.


If the CA still needs to issue SHA-1 certificates for compatibility reasons, then those SHA-1 certificates should expired before 2017.
If a CA still needs to issue SHA-1 certificates for compatibility reasons, then those SHA-1 certificates should expired before 2017.


=== Generic names for CAs ===
=== Generic names for CAs ===
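Review bot: the revised compatibility paragraph still reads "should expired before 2017". The edit changed "the CA" to "a CA" but left the verb untouched. Suggest "then those SHA-1 certificates should expire before 2017" so the requirement on certificate validity reads unambiguously.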