Thanks! This was useful. Case 2-3 (and 4 where there is a need to support their app plus browsers) are only supported if the Symantec roots are trusted in time prior to removal and embedding the new roots is greater or equal to all browser versions that remove the old roots. The proposal to cross-sign the DigiCert root was intended as contingency so we can stick to the Sep 2018 timeline for root deprecation if the embedding process takes too long.
Assuming the transaction completes, what does this mean for the audit plan? How would that audit plan apply to these new roots? Does it apply until after everything is transferred to the DigiCert CPS? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy