[cabfpub] Ballot 152 - Issuance of SHA-1 certificates through 2016
Gervase Markham
gerv at mozilla.org
Wed Oct 14 14:20:57 MST 2015
On 14/10/15 22:03, Geoff Keating wrote:
> so this would change the second paragraph to say ‘Effective 1 January
> 2016, CAs MUST NOT…’, correct? But that’s pointless, because the first
> paragraph already says that.
No; the proposed provision is about when the cert _expires_, not about
when it was issued. The first paragraph talks about when you can issue;
the second talks about when the certs you do issue can expire. So
updating the second in the way I (and you) describe does not make it
like the first.
Gerv
More information about the Public
mailing list