I think this and most of the other 1024-bit roots was removed or restricted to email in Mozilla some time ago (last remaining one is Equifax). They had been consider obsolete for a long time.
> Date: Sun, 13 Dec 2015 00:41:45 +0100 > From: [email protected] > To: [email protected] > Subject: Remove trust of Symantec's Class 3 Public Primary Certification > Authority? > > Hi, > > It seems that Symantec will stop using the "VeriSign G1" root > certificate. In the announcement[1] they say: "Browsers may > remove TLS/SSL support for certificates issued from these roots." > > The name of the certificate seems to be "Class 3 Public Primary > Certification Authority". > > It seems google plans[2] to remove the TLS trust bits, and distrut > it instead. > > The announcement says that it's also used for code signing, but > it's not clear that it's still going to be used for that or not. > > Should Mozilla follow and disable the TLS trust bits? Add it to > the distrusted list? > > > Kurt > > [1]: > https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941&actp=LIST&viewlocale=en_US > [2]: > https://googleonlinesecurity.blogspot.be/2015/12/proactive-measures-in-digital.html > > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
