IIRC, the disclosure requirement is in terms of certificates, and the disclosure responsibility is on the issuing CA. So you would have one disclosure per certificate, and the issuing CA would be responsible.
Note that you can end up with multiple parents for the same exact certificate, but that requires that each parent have the same public key -- so if those parents are owned by different organizations, we would have a problem! On Fri, May 13, 2016 at 2:08 PM, Rob Stradling <rob.stradl...@comodo.com> wrote: > Kathleen, > > Some NSS built-in roots are cross-certified by other built-in roots. > > When an intermediate cert chains to multiple roots, does it need to be > disclosed multiple times (once for each root)? > > Or, if it only needs to be disclosed once, then how should we determine > which CA is responsible for disclosing? (Shortest chain, perhaps?) > > Thanks. > > -- > Rob Stradling > Senior Research & Development Scientist > COMODO - Creating Trust Online > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
