Hi Jakob, Your below description raises two questions of general interest (though not of interest to the Mozilla root program):
1. Will DigiCert establish cross-signatures from the old/historic
Symantec roots to continuing DigiCert roots and subCAs?
[JR] We won’t be cross-signing from DigiCert to Symantec. For cross-signs the
other way, we plan on supporting the community’s needs and would love to hear
more online and offline about what cross-signs to DigiCert are needed for
compatibility and interoperability. Mozilla proposed distrusting Symantec’s
roots in 2018 so we’ll work towards that goal. Once it’s removed, the one-way
trust from Symantec to DigiCert will fall out of scope. Prior to that, the
cross-sign will be operated per the BRs and subject to the Google and Mozilla
proposals.
2. Will DigiCert continue those Symantec services that were not trusted
by Mozilla/Google and which have no functional alternative elsewhere.
This includes a number of situations where Microsoft and other
companies are enforcing that things are signed exclusively by specific
Symantec issuance systems. Known examples include: The original SHA-1
time stamping service for code signing (needed for compatibility with
older Windows and Internet Explorer versions). The special signing
portal for Windows Mobile (the original product line, not the new
renamed Windows 10 Phone product line). The "hosted" signing service
for Android Apps. Possibly any remnants of the Geotrust-based
services for the old Nokia platforms (Symbian S60 etc.). Etc.
[JR] As you mentioned, none of these are trusted by Mozilla or Google so that
discussion is better held elsewhere. However, I can say that we plan to
support Symantec communities to the extent possible. The only planned
deprecation is the Symantec publicly-trusted Web PKI.
Jeremy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
