On Sat, 12 Dec 2015 16:56:04 -0800 Yuhong Bao <yuhongbao_...@hotmail.com> wrote:
> I think this and most of the other 1024-bit roots was removed or > restricted to email in Mozilla some time ago (last remaining one is > Equifax). They had been consider obsolete for a long time. Indeed, the Verisign Class 3 Public Primary Certification Authority is currently email-only. I'm curious if there's any reason the email trust bit should not be removed as well, considering that Symantec's announcement[1] only lists TLS and code signing as the uses of this root. Thanks, Andrew [1] https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941&actp=LIST&viewlocale=en_US _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy