> On Jul 28, 2017, at 09:34, Alex Gaynor via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > Frankly I was surprised to see Chromium reverse course on this -- they have > a history of aggressive leadership in their handling of CA failures, it's a > little disappointing to see them abandon that. > > I'd strongly advocate for us perusing an earlier date -- December 1st at > the latest.
I strongly agree. Even if an organization has a conservative freeze in October for Black Friday/Cyber Monday at the end of November, replacing certificates issued before 2016-06-01 within the next two months should be feasible. If re-issuing these old certificates is problematic in any way, I would have expected Symantec to warn their customers and provide a solution immediately in March after Chrome released the first version of their plan for distrust based on validity period or in April/May when Chrome’s subsequent revisions of the plan included the 2017-08-08 distrust date. Actions are much more compelling than delay tactics and counter-proposals, so the complete lack of proactive measures from Symantec indicates to me that they do not consider the implementation of the various detailed proposals of distrust over the next few months to be a problem for their customers. Jonathan _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
