Hi Wayne, Is the Firefox 60 update in May the same as the combination of the April and October Chrome updates, in that all Symantec certificates will be untrusted on this date (5 months before Chrome)?
Doug > -----Original Message----- > From: dev-security-policy [mailto:dev-security-policy- > bounces+doug.beattie=globalsign....@lists.mozilla.org] On Behalf Of Wayne > Thayer via dev-security-policy > Sent: Friday, March 2, 2018 1:12 PM > Cc: mozilla-dev-security-policy > <mozilla-dev-security-pol...@lists.mozilla.org> > Subject: Re: Mozilla’s Plan for Symantec Roots > > Update: > > Mozilla is moving forward with our implementation of the consensus plan for > Symantec roots [1]. With the exception of whitelisted subordinate CAs using > the keys listed on the wiki [2], Symantec certificates are now blocked by > default on Nightly builds of Firefox. The preference > "security.pki.distrust_ca_policy" can be used to override these changes. A > custom error message is also being implemented [3]. These changes are part of > Firefox 60, which is scheduled to be released in May [4]. > > There are still a lot of websites using Symantec certificates, but the number > are > declining rapidly. Lists of affected sites and regularly updated metrics are > available via bug 1434300 [5]. > > - Wayne > > [1] > https://groups.google.com/d/msg/mozilla.dev.security.policy/FLHRT79e3XE/ > 90qkf8jsAQAJ > [2] https://wiki.mozilla.org/CA/Additional_Trust_Changes#Symantec > [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1441223 > [4] https://wiki.mozilla.org/RapidRelease/Calendar > [5] https://bugzilla.mozilla.org/show_bug.cgi?id=1434300 > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
