Thanks Kurt. Alex
On Mon, May 8, 2017 at 11:22 AM, Kurt Roeckx via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 2017-05-08 15:31, Alex Gaynor wrote: > >> I'm not the best way to phrase this, so please forgive the bluntness, but >> I >> think it'd be appropriate to ask at this point if Symantec has disclosed >> all necessary intermediates (I believe this would be defined as: chain to >> their roots in our trust store, are not expired, are not revoked, and are >> not technically constrained), and would they be willing to state that if >> new intermediate CAs are discovered beyond that point, it would reflect >> either dishonesty or serious mismanagement of their PKI. >> > > This was part of the March 2016 action 2. In > https://mozillacaprogram.secure.force.com/Communications/CAC > ommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00004 > you can see that their response was "2016 Apr 18" > > And confirmed in the April 2017 response to action 8, see: > https://mozillacaprogram.secure.force.com/Communications/CAC > ommRespWithTextAndTotalsReport?CommunicationId=a05o000003Wrz > BC&QuestionId=Q00020&QuestionIdForText=Q00026 > > > > Kurt > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy