I don't know if it was mentioned elsewhere but Symantec had an MOA with the Federal PKI which required cross-certificates. If Symantec revoked it, the MOA would also have been violated which would have severed the trust with the Federal PKI and Symantec customers.
To the particular IdenTrust CA, it was part of a different program still under the Federal PKI (the General Services Administration Access Certificates for Electronic Services Program). Coincidentally, at the same time the cross certificate was brought up, the ACES CP was updated to not allow cross-certificates. Just a coincidence which potentially led to the shorter timeline in revocation. Kenneth Myers Protiviti | Government Solutions | Manager Alexandria | +1 571-366-6120<tel:+1%20571-366-6120> | kenneth.my...@protiviti.com<mailto:kenneth.my...@protiviti.com> Connect: LinkedIn<https://www.linkedin.com/in/kennethmy> | Thought Leadership: Protiviti.com<http://www.protiviti.it/en-US/Pages/Insights.aspx> On Apr 12, 2017, at 14:42, "dev-security-policy-requ...@lists.mozilla.org<mailto:dev-security-policy-requ...@lists.mozilla.org>" <dev-security-policy-requ...@lists.mozilla.org<mailto:dev-security-policy-requ...@lists.mozilla.org>> wrote: Re: Symantec Response L NOTICE: Protiviti is a global consulting and internal audit firm composed of experts specializing in risk and advisory services. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. This electronic mail message is intended exclusively for the individual or entity to which it is addressed. This message, together with any attachment, may contain confidential and privileged information. Any views, opinions or conclusions expressed in this message are those of the individual sender and do not necessarily reflect the views of Protiviti Inc. or its affiliates. Any unauthorized review, use, printing, copying, retention, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email message to the sender and delete all copies of this message. Thank you. _______________________________________________ dev-security-policy mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-security-policy