Hi, It seems that Symantec will stop using the "VeriSign G1" root certificate. In the announcement[1] they say: "Browsers may remove TLS/SSL support for certificates issued from these roots."
The name of the certificate seems to be "Class 3 Public Primary Certification Authority". It seems google plans[2] to remove the TLS trust bits, and distrut it instead. The announcement says that it's also used for code signing, but it's not clear that it's still going to be used for that or not. Should Mozilla follow and disable the TLS trust bits? Add it to the distrusted list? Kurt [1]: https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941&actp=LIST&viewlocale=en_US [2]: https://googleonlinesecurity.blogspot.be/2015/12/proactive-measures-in-digital.html _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
