On 27/03/17 23:18, okaphone.elektron...@gmail.com wrote: > Will that remain the responsibility of GlobalSign for any existing > certificates that have been signed with these roots? (Those would be > intermediate certificates, if I understand correctly.) Or does > revocation also require signing, and does it therefore become the > responsibility of the new owner of the roots?
The latter - Mozilla would hold Google ultimately responsible for any revocation-related requirements in these hierarchies. (They may, of course, contract GlobalSign to manage some subset of it, but that's not our business). Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy