JMH3143· Microsoft MVP, Microsoft Support Visiting Expert,
Discussion Starter · #1 ·
Mozilla Gives a Security Pass to the People It Shouldn'tMozilla has decided to grant an exemption to to its SHA-1 certificate ban and allow Symantec to issue nine new certificates for one of its clients Worldpay PLC.
Back in the autumn of 2015, a team of researchers managed to discover that SHA-1 certificates were not as safe as they were once considered after breaking its encryption algorithm with far less hardware and financial resources than previously estimated.
This event sparked a frenzy among tech companies and certificate authorities who announced that starting with January 1, 2016, they will not "trust" SHA-1-based certificates and that any CA (certificate authority) that issues one will be banned in the products of the CA/Browser Forum (meaning all browsers).
Organizations like Mozilla, Microsoft, and later Google, announced that they would reinforce the ban by not honoring any new SHA-1 certificates issued after January 1, 2016, and later stop supporting any type of SHA-1 certificates after June 30, 2016, or January 1, 2017.
Symantec is asking for an exemption for one of its clients