Enterprise flag to allow continued use of SHA-1 certificates by private PKIs

Private PKIs are not bound by the CA/Browser Forum's Baseline Requirements, and many not have completed the process to deprecate SHA-1 by Jan 2017, after which we'll start showing interstitials. Provide an enterprise flag that would cause SHA-1 certificates that chain to a locally installed trust anchor to display the standard HTTP page icon after Jan 2017.

Documentation

• https://www.chromium.org/Home/chromium-security/education/tls/sha-1
• http://go/ltvrp

Status in Chromium

Blink components: Blink

Enabled by default (launch bug) in:

• Chrome for desktop release 54
• Chrome for Android release 54
• Android WebView release 54
• Opera release 41
• Opera for Android release 41

Consensus & Standardization

• Firefox: No public signals
• Edge: No public signals
• Safari: No public signals
• Web Developers: No signals

Owners

• rsleevi@chromium.org
• awhalley@chromium.org

Last updated on 2017-06-14