Same question. Does this mean the key used to sign the digicert roots is subject to the distrust without exception?
> On Mar 13, 2018, at 1:36 PM, Kai Engert via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > >> On 12.03.2018 22:19, Kathleen Wilson via dev-security-policy wrote: >> Wayne and I have posted a Mozilla Security Blog regarding the current >> plan for distrusting the Symantec TLS certs. >> >> https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates/ > > Hello Kathleen and Wayne, > > the blog post says, the subCAs controlled by Apple and Google are the > ONLY exceptions. > > However, the Mozilla Firefox code also treats certain DigiCert subCAs as > exceptions. > > Based on Ryan Sleevi's recent comments on this list, I had concluded > that the excluded DigiCert subCAs are used to support companies other > than Apple and Google. Is my understanding right or wrong? > > Are Apple and Google really the only beneficials of the exceptions, or > should the blog post get updated to mention the additional exceptions? > > Thanks > Kai > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy