On Friday, 22 April 2016 01:00:42 UTC+1, Rick Andrews wrote: > Symantec AATL ECC Intermediate CA was never intended for issuing SSL/TLS > certificates. It has never been used and will not be used in the future for > SSL/TLS. As such, it hasn't been disclosed to date. We are planning to revoke > the Symantec AATL ECC Intermediate CA and provide it along with the "Revoked" > list of ICAs to Mozilla in the coming month.
Mozilla's policy doesn't ask you to decide what you "intend" to use an intermediate for, it tells you to make a very simple binary decision, either the intermediate must be technically constrained according to Mozilla's rules or it must be publicly disclosed AND included in your audits. So far as I can see you chose "Neither" which is non-compliant. In 2014 Mozilla's periodic communication to CAs included an entire section asking CAs to confirm that they had read and obeyed these rules about SubCAs from its policy. Symantec picked option A, confirming that they had read and obeyed all the rules. Did you write that answer? Why? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy