Re: New Sub CAs under the DigiCert RSA and ECC Transition Roots

2017-11-13 Thread Kathleen Wilson via dev-security-policy

On 11/10/17 1:44 PM, Ben Wilson wrote:

In the spirit of full transparency and in an attempt to comply to the extent we
can with Mozilla policy, on Thursday, Nov. 2, we created several sub CAs
under two new "transition" roots (yet to be submitted as roots).  These sub
CAs haven't been uploaded yet to the CCADB because no instances of the roots
have been created in the CCADB.  Also, I don't have access, yet, to the
Symantec roots in the CCADB, so while these sub CAs chain to the DigiCert
RSA and ECC transition roots (which have been cross-certified by the
Symantec roots - see https://ccadb.force.com/0011J1BtNYx and
https://ccadb.force.com/0011J1BtNaF), they are not listed yet in the
CCADB (because as a technical matter, I have no access - I get an error when
I attempt to do so).  No end entity certificates have been issued by the new
sub CAs.  We'll get those sub CAs uploaded to the CCADB when I get access
first thing next week.

Ben Wilson, JD, CISA, CISSP



Ben, I will follow up with you in separate email.

All, Just FYI... CAs are not allowed to directly add/edit Root Cert 
records in the CCADB, because that information must be verified by a 
root store operator first.


Cheers,
Kathleen

___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy


New Sub CAs under the DigiCert RSA and ECC Transition Roots

2017-11-10 Thread Ben Wilson via dev-security-policy
In the spirit of full transparency and in an attempt to comply to the extent we
can with Mozilla policy, on Thursday, Nov. 2, we created several sub CAs
under two new "transition" roots (yet to be submitted as roots).  These sub
CAs haven't been uploaded yet to the CCADB because no instances of the roots
have been created in the CCADB.  Also, I don't have access, yet, to the
Symantec roots in the CCADB, so while these sub CAs chain to the DigiCert
RSA and ECC transition roots (which have been cross-certified by the
Symantec roots - see https://ccadb.force.com/0011J1BtNYx and
https://ccadb.force.com/0011J1BtNaF), they are not listed yet in the
CCADB (because as a technical matter, I have no access - I get an error when
I attempt to do so).  No end entity certificates have been issued by the new
sub CAs.  We'll get those sub CAs uploaded to the CCADB when I get access
first thing next week. 

 

Ben Wilson, JD, CISA, CISSP

VP Compliance



 


