Good to know that our new certs are there :-)
Regarding StartCom, these are the new certs we´ve generated and will be used
to apply for inclusion in the Mozilla root program. Nothing to disclose at
the moment I guess. We´ve not been audited yet nor applied.

Best regards

Iñigo Barreira
StartCom CA Limited

-----Original Message-----
From: dev-security-policy
On Behalf Of Rob Stradling via dev-security-policy
Sent: jueves, 27 de abril de 2017 12:38
To: mozilla-dev-security-policy
Subject: Re: Symantec Conclusions and Next Steps

On 26/04/17 21:21, Rob Stradling via dev-security-policy wrote:
> (Note: A few of the non-Symantec entries currently listed by 
> are false positives, I 
> think.  It looks like Kathleen has marked some roots as "Removed" on 
> CCADB ahead of the corresponding certdata.txt update on mozilla-central).

Ah, I take that back.  The March certdata.txt update did hit mozilla-central
on 11th April, but I missed an alert.  I've just pushed that update to is currently free of false
positives.  It shows that DigiCert, StartCom and Symantec are currently
out-of-compliance with Mozilla's disclosure requirement.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

dev-security-policy mailing list

Attachment: smime.p7s
Description: S/MIME cryptographic signature

dev-security-policy mailing list

Reply via email to