On Thursday, 14 April 2016 00:12:49 UTC+1, Kathleen Wilson wrote: > Request to enable EV for VeriSign Class 3 G4 ECC root > Summary of Information Gathered and Verified: > https://bugzilla.mozilla.org/attachment.cgi?id=8734043
Topic as I understand it is enabling EV treatment for https://crt.sh/?caid=1386 - anyone please step in if I have not correctly diagnosed the topic. Kathleen's summary links https://bugzilla.mozilla.org/show_bug.cgi?id=1019864 as the list of publicly disclosed and audited SubCAs for this CA. The last change to that ticket is almost two years ago, Kathleen is this an oversight and actually Symantec are continuing to disclose SubCAs to Mozilla via another route? If so please link that information instead of/ as well as the 2014 Bugzilla ticket. I also can't see any information here about revoked SubCAs for this CA. Again it's possible either that this is an oversight or that there simply haven't been any revocations under this root (or that any revocations took place before Mozilla's policy changed a few years back to require they be explicitly disclosed rather than quietly added to a CRL) but this should be explicit. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
