On Thursday, 30 June 2016 09:29:15 UTC+1, Rob Stradling wrote: > The cross-certificate issued by Symantec to "Federal Bridge CA 2013" > (https://crt.sh/?id=12638543) expires in 1 month. I'm wondering if > there's any point in revoking this intermediate or the two other > intermediates that Peter mentioned.
Have we seen _anything_ from Symantec, even informally to say they intend for this to expire and not be replaced ? Historically the experience has been that CAs are very happy to pretend they didn't even realise there was a problem right up until trust stores threaten to remove their roots and then they suddenly remember that they'd been intending to voluntarily comply very soon and just forgot to mention it. So if we don't have a promise from Symantec that they won't renew this, it makes sense to assume they will and for Mozilla to behave accordingly. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
