Per Bugzilla Bug #1314464 we are adding the "SecureSign Public CA11" intermediate CA cert to OneCRL as a precautionary measure.
Here's some background on this... The JCSI Root CA (SecureSign RootCA11) was acquired by Cybertrust Japan(CTJ) in August 2014. The current WebTrust CA audit statement for this root is here: https://cert.webtrust.org/SealFile?seal=2097&file=pdf However, there is not a BR audit statement for this root, because CTJ has not yet issued their intermediate certificate to sign TLS/SSL certificates. CTJ is planning to do this and get a BR readiness audit in March, 2017. Unfortunately, this "SecureSign Public CA11" intermediate certificate had not been transferred to CTJ, even though it chains up to the root certificate that CTJ acquired. It is reasonable to assume that JCSI retired this intermediate certificate during their liquidation. And data on cert issuance from this intermediate certificate seems to back up that assumption. The current representatives of CTJ are working to contact the former employees of JCSI to confirm this assumption. In the meantime, we are going to add the intermediate cert to OneCRL. Kathleen _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy