Remove old StartCom root certs from NSS

Kathleen Wilson via dev-security-policy Mon, 10 Jul 2017 12:49:08 -0700

And I think we should remove the old StartCom root certs from NSS.

Reference:
https://wiki.mozilla.org/CA/Additional_Trust_Changes#StartCom
~~
Mozilla currently recommends not trusting any certificates issued by this CA 
after October 21st, 2016. That recommendation covers the following roots:


    CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, 
O=StartCom Ltd., C=IL
    CN=StartCom Certification Authority G2, OU=null, O=StartCom Ltd., C=IL

This restriction has been implemented in both in the Mozilla platform security 
code (PSM), which is shared by the Mozilla applications (Firefox, Thunderbird, 
etc.), and in addition, in the NSS library code, which is used by applications 
that use the NSS certificate verification APIs. 
~~


Please let me know if you foresee any problems with removing these root certs 
from NSS.

Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Remove old StartCom root certs from NSS

Reply via email to