Actually, previous SHA-1 certs might be one of the least objectionable non-compliances, assuming that nobody expects Firefox, or other clients in the Web PKI, to actually trust these certs, because the difference in signature algorithm contains the risk nicely.
Bad guys who have speculatively attacked a CA using a (by no means computationally cheap) SHA-1 collision attack, in expectation that it might one day get added to trust stores, gain nothing if the entire signature algorithm they attacked is meanwhile distrusted, as SHA-1 has been.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
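One way to see why a distrusted signature algorithm contains the risk on its own: a client can refuse the whole algorithm family by looking only at the certificate's AlgorithmIdentifier, before it evaluates any chain or trust anchor. The Python below is an added example, not code from the post above or from Mozilla; it walks a DER certificate with a small hand-written TLV reader, pulls out both the outer signatureAlgorithm and the inner tbsCertificate.signature field, and flags SHA-1 based OIDs (it also reports when the two fields disagree, which RFC 5280 forbids). The certificates it runs on are constructed DER skeletons carrying only version, serial and signature fields with a placeholder signature, not real CA-issued certificates.

```python
# Added example, not code from the dev-security-policy post or from Mozilla:
# classify a DER certificate by the hash in its signature algorithm, which is
# the property a client keys on when it distrusts SHA-1 as a whole.

# Signature-algorithm OIDs whose hash is SHA-1 (RFC 3279 / RFC 5758 values).
SHA1_SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.3.14.3.2.29": "sha-1WithRSAEncryption (OIW)",
}


def read_tlv(buf, pos):
    """Read one DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    """Decode OID content octets into dotted-decimal form."""
    arcs, val = [], 0
    for b in raw:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    if val or not arcs:          # continuation bit set on the last octet, or empty
        raise ValueError("truncated OID")
    first = arcs[0]
    lead = (0, first) if first < 40 else (1, first - 40) if first < 80 else (2, first - 80)
    return ".".join(str(a) for a in lead + tuple(arcs[1:]))


def algorithm_oid(alg_ident):
    """Extract the algorithm OID from an AlgorithmIdentifier SEQUENCE body."""
    tag, oid, _ = read_tlv(alg_ident, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(oid)


def classify(cert_der):
    """Return the outer/inner signature OIDs, whether SHA-1 is used, and
    whether the two fields agree (RFC 5280 requires them to be equal)."""
    tag, cert, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    tag, tbs, pos = read_tlv(cert, 0)
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, outer_alg, _ = read_tlv(cert, pos)
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    # tbsCertificate: [0] version (optional), serialNumber, signature AlgorithmIdentifier
    tag, _, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                      # explicit version present; next is the serial
        tag, _, pos = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("expected serialNumber INTEGER")
    tag, inner_alg, _ = read_tlv(tbs, pos)
    if tag != 0x30:
        raise ValueError("tbsCertificate.signature is not a SEQUENCE")
    outer, inner = algorithm_oid(outer_alg), algorithm_oid(inner_alg)
    return {
        "outer": outer,
        "inner": inner,
        "name": SHA1_SIG_OIDS.get(outer, "not SHA-1"),
        "sha1": outer in SHA1_SIG_OIDS or inner in SHA1_SIG_OIDS,
        "consistent": outer == inner,
    }


# --- constructed stand-in certificates: DER skeletons, not real certs ---

def _der(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _base128(n):
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))


def _der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    return _der(0x06, _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:]))


def make_cert(sig_oid, tbs_sig_oid=None):
    """Minimal Certificate whose TBS holds only version, serial and signature."""
    def alg(oid):
        return _der(0x30, _der_oid(oid) + _der(0x05, b""))   # NULL parameters
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x10\x01")
               + alg(tbs_sig_oid or sig_oid))
    sig = _der(0x03, b"\x00" * 9)        # placeholder BIT STRING, not a real signature
    return _der(0x30, tbs + alg(sig_oid) + sig)


SHA1_CERT = make_cert("1.2.840.113549.1.1.5")
SHA256_CERT = make_cert("1.2.840.113549.1.1.11")
MISMATCH_CERT = make_cert("1.2.840.113549.1.1.11", "1.2.840.113549.1.1.5")

if __name__ == "__main__":
    for label, c in (("sha1", SHA1_CERT), ("sha256", SHA256_CERT), ("mismatch", MISMATCH_CERT)):
        print(label, classify(c))
```

The check deliberately looks at both AlgorithmIdentifiers: the outer one is what the signature was actually made with, while the inner one is what the CA committed to under the signature, so a cert that says SHA-256 outside and SHA-1 inside is rejected rather than trusted on the strength of the outer label alone.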

