We aren't sure at this point. DigiCert already runs two (almost three) logs. Symantec runs two logs. Although CT plans are still under discussion, I don't think the ecosystem needs four CT logs operated by a single CA. Regardless, we'll do whatever is best to support CT and the DigiCert and Symantec customer-base. Likely, we'll compare infrastructure and keep the best performing logs. We'll definitely run a differential between the logs and consult with the community before anything is done with existing logs. Jeremy
-----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla .org] On Behalf Of Santhan Raj via dev-security-policy Sent: Thursday, August 3, 2017 1:36 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: DigiCert-Symantec Announcement On Wednesday, August 2, 2017 at 6:44:51 PM UTC-7, Peter Bowen wrote: > On Wed, Aug 2, 2017 at 2:12 PM, Jeremy Rowley via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > Today, DigiCert and Symantec announced that DigiCert is acquiring > > the Symantec CA assets, including the infrastructure, personnel, > > roots, and platforms. At the same time, DigiCert signed a Sub CA > > agreement wherein we will validate and issue all Symantec certs as > > of Dec 1, 2017. We are committed to meeting the Mozilla and Google > > plans in transitioning away from the Symantec infrastructure. The > > deal is expected to close near the end of the year, after which we will be solely responsible for operation of the CA. > > From there, we will migrate customers and systems as necessary to > > consolidate platforms and operations while continuing to run all > > issuance and validation through DigiCert. We will post updates and > > plans to the community as things change and progress. > > > > Thanks a ton for any thoughts you offer. > > Jeremy, > > A while ago I put together a list of all the certificates that are or > were included in trust stores that were known to be owned by Symantec > or companies that Symantec acquired. The list is in Google Sheets at > https://docs.google.com/spreadsheets/d/1piCTtgMz1Uf3SHXoNEFYZKAjKGPJdR > DGFuGehdzcvo8/edit?usp=sharing > > Can you confirm that DigiCert will be "solely responsible for > operation" of all of these CAs once the deal closes? > > Thanks, > Peter Hi Jeremy, A similar question regarding Symantec's CT log infrastructure. Are they part of the deal and do you plan to continue hosting them? Thanks, Santhan _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
