> -----Original Message-----
> From: dev-security-policy [mailto:dev-security-policy-bounces+steve_medin=symantec....@lists.mozilla.org] On Behalf Of wizard--- via dev-security-policy
> Sent: Tuesday, May 02, 2017 7:10 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: [EXT] Re: Symantec: Draft Proposal
>
> Also, in the responses, Symantec claims that MSC Trustgate is no longer an
> RA (but could be a reseller). I did a quick search on crt.sh for recent
> certificates that have been supplied by MSC Trustgate:
>
> [link]
>
> Going back to April 2013, this is the *only* "supplied by MSC trustgate"
> certificate in crt.sh that chains off a Symantec root; all others are
> Globalsign.
> Can Symantec confirm that they vetted this (OV) certificate in-house? While I
> suppose MSC could supply certs from multiple CAs, I find it odd that
> everything in the logs since April 2013 is Globalsign except this one outlier
> -- and am concerned it means there was some mechanism for MSC to issue /
> have issued a cert off a Symantec chain -- and this concerns me given the
> higher nominal level of validation.

MSC Trustgate is an approved reseller of Symantec certificates. They are no longer operating as an SSL/TLS RA. This certificate was authenticated and issued by Symantec after having been properly submitted to us by MSC Trustgate.