* Will there be other players in Symantec's SubCA plan or is DigiCert the only one?

[DC] Only DigiCert.

* Is DigiCert prepared (yet?) to commit to a "first day of issuance" under the SubCA plan? That is, when is the earliest date that members of the general public may purchase certs that chain up through the new "DigiCert SubCA" to any of the Symantec roots? I hope that, for issues that may arise under the new system, there is sufficient time to identify and resolve them prior to the 2017-12-01 deadline.

[DC] Not yet. That’s an ongoing discussion.

* I think the idea of a smart segregation plan for the roots and intermediates is a must-have. Such a plan should factor in the clientele who are using the different roots and the environments in which they operate. Given how important the "ubiquitous roots" are, I would hope to see community involvement and "sign-off", if you will.

[DC] Okay. We plan to update the community as things solidify.

* I think it's appropriate to re-think some of the deadlines, given that we're talking less about a carrots-and-sticks model and more of one based on smart decision-making, good risk management, and sticks.

[DC] I’ll leave that open to the community discussion, although anything sooner than the current deadlines might not have as satisfactory results as the current proposal.

Finally, when I went to read the DigiCert blog post, I noticed that John Merrill's link for the agreement announcement was a dud. I don't know why but I really don't care either. I think it serves as a reminder that mistakes are going to be made during this process so it's best to make allowances for that in the plans going forward. That, and attention to detail is important.

[DC] Egg on my face there. Thanks for finding that. We’re getting it updated.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy