Re: Mozilla’s Plan for Symantec Roots

2017-10-27 Thread Ryan Sleevi via dev-security-policy
Without commenting on the Symantec aspect of this, there is a rather substantial correction to the behaviour of client software - including Firefox. Unfortunately, very few libraries and path validators support chain building terminating at trust anchors in the way you describe. Recent changes in

Re: Mozilla’s Plan for Symantec Roots

2017-10-27 Thread Peter Bowen via dev-security-policy
On Tue, Oct 17, 2017 at 2:06 AM, Gervase Markham wrote: > On 16/10/17 20:22, Peter Bowen wrote: >> Will the new managed CAs, which will operated by DigiCert under >> CP/CPS/Audit independent from the current Symantec ones, also be >> included on the list of subCAs that will

Re: Mozilla’s Plan for Symantec Roots

2017-10-27 Thread Gervase Markham via dev-security-policy
On 18/10/17 13:49, Gervase Markham wrote: > Apple have confirmed that their list is complete and correct. As have Google. Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org

Re: DRAFT November 2017 CA Communication

2017-10-27 Thread Gervase Markham via dev-security-policy
On 27/10/17 00:23, Kathleen Wilson wrote: > Looking forward to further discussion about which errata should be allowed. Those are the correct two errata. Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org