- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 23 Oct 2014 16:16:02 +0200
- To: Mike West <mkwst@google.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
On Thu, Oct 23, 2014 at 3:58 PM, Mike West <mkwst@google.com> wrote: > As of Chrome 41: "Sites with end-entity certificates that expire on or after > 1 January 2017, and which include a SHA-1-based signature as part of the > certificate chain, will be treated as “affirmatively insecure”. Subresources > from such domain will be treated as “active mixed content”. " But isn't that the same as a network error? (As in, not in need of the "weakly authenticated" bit.) -- https://annevankesteren.nl/
Received on Thursday, 23 October 2014 14:16:28 UTC