> Of all these, Starfield seems to be the only case where a single CA > name now refers to two different current CA operators (GoDaddy and > Amazon). All the others are cases of complete takeover. None are > cases where the name in the certificate is a still operating CA > operator, but the root is actually operated by a different entity > entirely.
That is true, but my point is that one can not rely on the name in root certificates, when certs are made to be good for well over a decade the concept of name continuity just doesn't hold. > Also, I don't see Google on that list. I noticed that too, Ill be reaching out to Microsoft to make sure its updated. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy