On Friday, 11 November 2016 04:47:21 UTC, Jakob Bohm wrote: > (Example 1: Let's Encrypt is cross signed by a CA already > in existing root stores)
In fact ISRG Root X1, the new Let's Encrypt root being trusted by Mozilla (but so far not by any other major root trust store) is _not_ cross signed by anybody important. The Let's Encrypt intermediates are cross signed by Identrust's DST Root CA X3, but the root isn't. I presume this was a deliberate choice. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
