On Thursday, 9 February 2017 03:08:14 UTC, Ryan Sleevi wrote: > 19) Can you confirm that Certsuperior, Certisign, CrossCert, and Certisur > are the only Delegated Third Parties utilized by Symantec, across all > Symantec operated CAs that are trusted by Mozilla products?
Maybe Ryan has better information than me, but I had assumed that in practice all the companies identified on their site as Symantec "Affiliates" offering SSL are or have been Delegated Third Parties under the BRs. https://forms.ws.symantec.com/verisign-worldwide/index.html I confess that I reached this supposition by Googling "Symantec Crosscert" and thinking about what I found, rather than through deep knowledge of Symantec's business or direct personal information. Symantec provides the following links for "affiliates" offering SSL https://www.acs.altech.co.za/symantec-pki https://www.egypttrust.com/ http://www.comsign.co.il/ http://www.verisign.co.jp/ http://www.crosscert.com/ http://www.itrus.com.cn/ http://www.msctrustgate.com/ http://www.mysecuresign.com/ http://www.niftetrust.com/ http://www.safescrypt.com/ http://www.adacom.com/ http://www.skyrr.is/ http://www.telefonica.es/ http://www.trustitalia.it/ http://www.certsuperior.com/ http://www.certisign.com.br/ http://www.certisur.com/ http://www.e-sign.cl/ Some of those were on Ryan's list above already, and some are defunct, but despite language barriers I think I was able to determine that some of the others are selling Symantec certificates. I suppose it's possible that they're merely acting as resellers and all validation etc. is done by Symantec, but I wanted to flag it up. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
