tl;dr? Avoid SHA-1 certificate chains. https://twitter.com/simonsteiner/status/598852621995216896 …
@sleevi_ @ivanristic If a root was EVER cross-signed with SHA-1, what could CA do to avoid NSS bug besides issue from a brand new root?
-
-
@sleevi_@ivanristic New root would itself need to be cross-signed, a catch-22. I don't think there's a way for a CA to not "botch" this.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.