On Tue, Oct 11, 2016 at 7:08 AM, Nick Lamb <[email protected]> wrote: > > Some of the major root trust stores (e.g. Microsoft, Apple) also operate > their own root CA, which they include in that store, for internal purposes at > least. I believe none of them is trusted by another root trust store but in > principle they could be.
I believe that both of the ones you list have full WebTrust for CA and WebTrust for BR audits and have CAs cross-signed by other CA operators. It is possible they have additional non-cross certified roots included, but I think all are WebTrust audited. Thanks, Peter _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
