Gerv,

In the interest of an easy to read set of responses to your questions and many 
submitted in response to our recent posts, we have prepared a PDF and attached 
it to the Bugzilla tracking this discussion.

That PDF is available at https://bugzilla.mozilla.org/attachment.cgi?id=8860216.


> -----Original Message-----
> From: Gervase Markham [mailto:g...@mozilla.org]
> Sent: Thursday, April 13, 2017 9:13 AM
> To: Steve Medin <steve_me...@symantec.com>; Rick Andrews
> <rick_andr...@symantec.com>; mozilla-dev-security-
> pol...@lists.mozilla.org
> Subject: [EXT] Re: Questions for Symantec
>
> On 03/04/17 13:11, Gervase Markham wrote:
> > Hi Steve and Rick,
>
> Q9) Can you please tell us which audit covers the following two intermediate
> CAs, which are subordinates of or cross-certified by VeriSign Universal Root
> Certification Authority?
>
> VeriSign Class 3 SSP Intermediate CA - G2
>
> Symantec Class 3 SSP Intermediate CA - G3
>
>
> The following period-of-time audit is the most recent one which covers the
> VeriSign Universal Root Certification Authority:
> https://www.symantec.com/content/en/us/about/media/repository/18_Sy
> mantec_STN_WTCA_period_end_11-30-2016.pdf
> However, these certificates are not on the accompanying list of
> intermediates.
>
> Is it correct that these intermediates are unconstrained and fully capable of
> issuing server authentication (SSL/TLS) certificates which are trusted by
> Mozilla browsers?
>
> Thanks,
>
> Gerv

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to