Bugzilla

(In reply to Matt Wobensmith [:mwobensmith][:matt] from comment #20)
> I did a canary pass for this change on today's Nightly. In summary, 286
> sites are broken of roughly 290k TLS-enabled sites, culled from the Alexa
> top 1 million site list.
> 
> More info here:
> https://tlscanary.mozilla.org/runs/2016-04-04-10-56-25/index.htm

Matt, Thank you for doing this. 

I noticed that many of the certs are old, but (unfortunately) some are not so old. We need to identify the CAs that are still issuing this type of cert. We don't need to fail for certs that were issued a long time ago.

Dana, can you update the code to only fail after a date like August 1, 2015, so we can identify the newer certs that are still not following the BRs?