> -----Original Message----- > From: Gervase Markham [mailto:[email protected]] > Sent: Thursday, April 13, 2017 9:13 AM > To: Steve Medin <[email protected]>; Rick Andrews > <[email protected]>; mozilla-dev-security- > [email protected] > Subject: [EXT] Re: Questions for Symantec > > On 03/04/17 13:11, Gervase Markham wrote: > > Hi Steve and Rick, > > Q9) Can you please tell us which audit covers the following two intermediate > CAs, which are subordinates of or cross-certified by VeriSign Universal Root > Certification Authority? >
These Intermediate CAs are sub-CAs under the Verisign Universal Root CA. They are covered under Symantec’s Non-Fed SSP audits, and the latest unqualified audits that we just received are being published. The customer-specific CAs (the subordinate ICAs) signed by these sub-CAs are path length constrained and operate fully within Symantec’s infrastructure. Under the Non-Federal SSP program, they are used to issue certificates for Microsoft Windows domain controllers and IPSec endpoints. End entity certificates issued under this program are designed only to contain Federal PKI policy OIDs and to exclude any CA/B Forum required policy OIDs. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
