I don't know if it was mentioned elsewhere but Symantec had an MOA with the 
Federal PKI which required cross-certificates. If Symantec revoked it, the MOA 
would also have been violated which would have severed the trust with the 
Federal PKI and Symantec customers.

To the particular IdenTrust CA, it was part of a different program still under 
the Federal PKI (the General Services Administration Access Certificates for 
Electronic Services Program). Coincidentally, at the same time the cross 
certificate was brought up, the ACES CP was updated to not allow 
cross-certificates. Just a coincidence which potentially led to the shorter 
timeline in revocation.

Kenneth Myers
Protiviti | Government Solutions | Manager
Alexandria | +1 571-366-6120<tel:+1%20571-366-6120> | 
kenneth.my...@protiviti.com<mailto:kenneth.my...@protiviti.com>
Connect: LinkedIn<https://www.linkedin.com/in/kennethmy> | Thought Leadership: 
Protiviti.com<http://www.protiviti.it/en-US/Pages/Insights.aspx>

On Apr 12, 2017, at 14:42, 
"dev-security-policy-requ...@lists.mozilla.org<mailto:dev-security-policy-requ...@lists.mozilla.org>"
 
<dev-security-policy-requ...@lists.mozilla.org<mailto:dev-security-policy-requ...@lists.mozilla.org>>
 wrote:

Re: Symantec Response L
NOTICE: Protiviti is a global consulting and internal audit firm composed of 
experts specializing in risk and advisory services. Protiviti is not licensed 
or registered as a public accounting firm and does not issue opinions on 
financial statements or offer attestation services. This electronic mail 
message is intended exclusively for the individual or entity to which it is 
addressed. This message, together with any attachment, may contain confidential 
and privileged information. Any views, opinions or conclusions expressed in 
this message are those of the individual sender and do not necessarily reflect 
the views of Protiviti Inc. or its affiliates. Any unauthorized review, use, 
printing, copying, retention, disclosure or distribution is strictly 
prohibited. If you have received this message in error, please immediately 
advise the sender by reply email message to the sender and delete all copies of 
this message. Thank you.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to