Just noticed all four certs in the chain on https://www.microsoft.com use SHA1. The root cert, "Baltimore CyberTrust Root", expires in 2025. Will root CAs also have to be replaced by 2016?
The relative urgency around this cutoff comes off as panick-y to me. They never seemed to bother updating roots or add SNI support for older, still supported OSes like WinXP.
It's not usual for Microsoft to be a first mover in cases like these, as far as I can remember?
Also, is there a source on *.microsoft.com for this announcement?