Given that is correct, I would say it is not DigiCert's responsibility
to disclose to Mozilla.  Rather it is your responsibility to disclose
to Federal PKI, and they need to disclose to whoever subordinated them
from a Mozilla root.

On Thu, Jun 23, 2016 at 1:39 PM, Ben Wilson <ben.wil...@digicert.com> wrote:
> That's correct.
>
> -----Original Message-----
> From: Peter Bowen [mailto:pzbo...@gmail.com]
> Sent: Thursday, June 23, 2016 2:39 PM
> To: Ben Wilson <ben.wil...@digicert.com>
> Cc: Eric Mill <e...@konklone.com>; Kurt Roeckx <k...@roeckx.be>; Richard 
> Barnes <rbar...@mozilla.com>; Jeremy Rowley <jeremy.row...@digicert.com>; 
> Steve <steve.me...@gmail.com>; mozilla-dev-security-pol...@lists.mozilla.org; 
> Kathleen Wilson <kwil...@mozilla.com>; Rob Stradling 
> <rob.stradl...@comodo.com>
> Subject: Re: Intermediate certificate disclosure deadline in 2 weeks
>
> On Thu, Jun 23, 2016 at 11:45 AM, Ben Wilson <ben.wil...@digicert.com> wrote:
>> Another issue that needs to be resolved involves the Federal Bridge
>> CA 2013 (“Federal Bridge”). When a publicly trusted sub CA
>> cross-certifies the Federal Bridge, then all of the CAs cross-certified by
>> the Federal Bridge
>> are trusted. The chart (https://crt.sh/mozilla-disclosures) then captures
>> all “non-publicly-trusted” sub CAs. For instance, the following CAs
>> are now caught up in the database, but there is no way to input them
>> (or CAs subordinate to them) into Salesforce because only the CA that
>> cross-certified the Federal Bridge has access to that certificate
>> chain in Salesforce. In other words, I don’t have access to input the
>> DigiCert Federated ID CA-1 or its sub CAs.
>
> Ben,
>
> Correct me if I'm wrong, but the DigiCert CA you mention is part of a 
> different PKI from the DigiCert public roots in Mozilla, right?  The only 
> reason that it is showing in the list is because a non-DigiCert CA 
> cross-signed the Federal PKI and the Federal PKI cross-signed the DigiCert CA 
> in question, correct?
>
> Thanks,
> Peter
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
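
The transitive effect discussed in this thread, as an added example that is not part of the original messages: a single cross-certificate to the Federal Bridge makes every CA below the bridge chain to a trusted root. Only the Federal Bridge CA 2013 and DigiCert Federated ID CA-1 names come from the thread; every other name and all issuer/subject edges are constructed placeholders.

```python
from collections import deque

# Constructed CA-certificate edges (issuer -> subject). Placeholder names
# start with "Example"; they are not real CAs.
CA_CERTS = [
    ("Example Public Root", "Example Public Sub CA"),
    ("Example Public Sub CA", "Federal Bridge CA 2013"),   # the cross-certificate
    ("Federal Bridge CA 2013", "DigiCert Federated ID CA-1"),
    ("DigiCert Federated ID CA-1", "Example Federated Sub CA"),
    ("Federal Bridge CA 2013", "Example Public Sub CA"),   # bridge signs back: a cycle
    ("Example Private Root", "Example Private Sub CA"),    # never cross-signed
]
TRUST_STORE = {"Example Public Root"}  # constructed stand-in for a root program


def trusted_paths(ca_certs, roots):
    """Breadth-first walk over issuer->subject edges.

    Returns {ca_name: shortest issuer chain from a trusted root}."""
    issued = {}
    for issuer, subject in ca_certs:
        issued.setdefault(issuer, []).append(subject)
    paths = {root: [root] for root in roots}
    queue = deque(sorted(roots))
    while queue:
        issuer = queue.popleft()
        for subject in issued.get(issuer, []):
            if subject not in paths:  # visited check also stops cross-cert cycles
                paths[subject] = paths[issuer] + [subject]
                queue.append(subject)
    return paths


def inherited_via(paths, link):
    """CAs whose chain to a trusted root passes through `link`."""
    return sorted(ca for ca, chain in paths.items() if link in chain[:-1])


if __name__ == "__main__":
    found = trusted_paths(CA_CERTS, TRUST_STORE)
    for ca in inherited_via(found, "Federal Bridge CA 2013"):
        print(ca, "<-", " <- ".join(reversed(found[ca][:-1])))
```

The printed chain for each inherited CA lists, in order, the issuers between it and the trusted root.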
