Hello Ryan, thanks again for this response. The situation appears very complex. I might follow up with a couple of clarification questions, that are hopefully simple to answer. Let me start with this one:
Chromium will whitelist the SPKIs of a "CN=DigiCert Transition ECC Root" and a "CN=DigiCert Transition RSA Root" certificate, as found in this directory: https://chromium.googlesource.com/chromium/src/+/master/net/data/ssl/symantec/managed Are there any Apple systems, servers, infrastructure, devices, that rely on any of these DigiCert transition Root CAs? Are there any Google systems, servers, infrastructure, devices, that rely on any of these DigiCert transition Root CAs? The point of my question is to clarify, if the DigiCert transition Roots are completely separate from the Apple/Google subCA whitelisting requirements. Thanks Kai _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy