That's correct.

-----Original Message-----
From: Peter Bowen [mailto:[email protected]] 
Sent: Thursday, June 23, 2016 2:39 PM
To: Ben Wilson <[email protected]>
Cc: Eric Mill <[email protected]>; Kurt Roeckx <[email protected]>; Richard Barnes 
<[email protected]>; Jeremy Rowley <[email protected]>; Steve 
<[email protected]>; [email protected]; 
Kathleen Wilson <[email protected]>; Rob Stradling <[email protected]>
Subject: Re: Intermediate certificate disclosure deadline in 2 weeks

On Thu, Jun 23, 2016 at 11:45 AM, Ben Wilson <[email protected]> wrote:
> Another issue that needs to be resolved involves the Federal Bridge
> CA 2013 (“Federal Bridge”). When a publicly trusted sub CA
> cross-certifies the Federal Bridge, then all of the CAs cross-certified by
> the Federal Bridge are trusted. The chart
> (https://crt.sh/mozilla-disclosures) then captures all
> “non-publicly-trusted” sub CAs. For instance, the following CAs
> are now caught up in the database, but there is no way to input them
> (or CAs subordinate to them) into Salesforce because only the CA that
> cross-certified the Federal Bridge has access to that certificate
> chain in Salesforce. In other words, I don’t have access to input the
> DigiCert Federated ID CA-1 or its sub CAs.

Ben,

Correct me if I'm wrong, but the DigiCert CA you mention is part of a different 
PKI from the DigiCert public roots in Mozilla, right?  The only reason that it 
is showing in the list is because a non-DigiCert CA cross-signed the Federal 
PKI and the Federal PKI cross-signed the DigiCert CA in question, correct?

Thanks,
Peter


_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
