On 25/02/2019 16:17, Nick Lamb via dev-security-policy wrote:
> On Sat, 23 Feb 2019 10:16:27 +0100
> Kurt Roeckx via dev-security-policy
> <dev-security-policy@lists.mozilla.org> wrote:
>> I would also like to have a comment from the current root owner
>> (digicert?) on what they plan to do with it.
>
> Two other things would be interesting from Digicert on this topic
>
> 1. To what extent does DarkMatter have practical ability to issue
> independently of Digicert?
>
> https://crt.sh/?caid=22507
>
> It would be nice to know where this is on the spectrum of intermediate
> CAs, between the cPanel intermediate (all day-to-day operations
> presumably by Sectigo and nobody from cPanel has the associated RSA
> private keys)

Hi Nick. I can confirm that all day-to-day operations for the cPanel intermediates are performed by Sectigo, and nobody from cPanel has the associated RSA private keys.

> and Let's Encrypt X3 (all day-to-day operations by Let's
> Encrypt / ISRG and presumably nobody from IdenTrust has the associated
> RSA private keys)
<snip>

QuoVadis disclosed [1] that...
"The DarkMatter CAs were previously hosted and operated by QuoVadis, and included in the QuoVadis WebTrust audits through 2017. In November 2017, the CAs were transitioned to DarkMatter’s own control following disclosure to browser root programs."

I take that to mean that DarkMatter are in possession of the RSA private key corresponding to https://crt.sh/?caid=22507.

[1] https://www.quovadisglobal.com/QVRepository/ExternalCAs.aspx

--
Rob Stradling
Senior Research & Development Scientist
Sectigo Limited
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy