Good catch - it would seem 10 years old to be exact: http://www.hostreview.com/news/050215geotrust.html
On Mon, Apr 6, 2015 at 10:30 AM, Peter Bowen <[email protected]> wrote: > I think that press release is years old. GeoTrust was bought by VeriSign > years ago who was then bought by Symantec. > > This kind of agreement now requires the subordinate to be audited to the > same standards as all other public CAs. > > On Apr 5, 2015 3:03 PM, "Jeffrey Walton" <[email protected]> wrote: >> >> >> http://www.prnewswire.com/news-releases/geotrust-launches-georoot-allows-organizations-with-their-own-certificate-authority-ca-to-chain-to-geotrusts-ubiquitous-public-root-54048807.html >> >> It appears Google's Internet Authority G2 (https://pki.google.com) >> could be part of this program since the subordinate CA is certified by >> GeoTrust Global CA. If you look at the certificate, it is *not* name >> constrained so Google can mint certificates for any domain (and not >> just its web properties). I'm not too worried about Google. But I >> can't say the same for any old organization that joins this program. >> >> Both the IETF and CA/B Forums have name constraints that could be used >> to enforce policy. The relevant documents are RFC 5280, 4.2.1.10 Name >> Constraints and Baseline Requirements, 9.7 Technical Constraints in >> Subordinate CA Certificates via Name Constraints. >> >> I'm not sure if the program targeting organizations as a subordinate >> CA is a bad idea or if GeoTrust is doing a bad job by not using name >> constraints. But as it stands, I don't like the smell of things. >> _______________________________________________ >> cryptography mailing list >> [email protected] >> http://lists.randombit.net/mailman/listinfo/cryptography > > > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography > _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
