On Wed, Aug 2, 2017 at 2:12 PM, Jeremy Rowley via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > Today, DigiCert and Symantec announced that DigiCert is acquiring the > Symantec CA assets, including the infrastructure, personnel, roots, and > platforms. At the same time, DigiCert signed a Sub CA agreement wherein we > will validate and issue all Symantec certs as of Dec 1, 2017. We are > committed to meeting the Mozilla and Google plans in transitioning away from > the Symantec infrastructure. The deal is expected to close near the end of > the year, after which we will be solely responsible for operation of the CA. > From there, we will migrate customers and systems as necessary to > consolidate platforms and operations while continuing to run all issuance > and validation through DigiCert. We will post updates and plans to the > community as things change and progress. > > Thanks a ton for any thoughts you offer.
Jeremy, A while ago I put together a list of all the certificates that are or were included in trust stores that were known to be owned by Symantec or companies that Symantec acquired. The list is in Google Sheets at https://docs.google.com/spreadsheets/d/1piCTtgMz1Uf3SHXoNEFYZKAjKGPJdRDGFuGehdzcvo8/edit?usp=sharing Can you confirm that DigiCert will be "solely responsible for operation" of all of these CAs once the deal closes? Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy