Am Montag, 1. Mai 2017 16:49:32 UTC+2 schrieb Henri Sivonen:
> On Mon, May 1, 2017 at 11:31 AM, Gervase Markham via dev-security-policy <
>> wrote:
> > On 01/05/17 07:52, Percy wrote:
> >> It seems that StartCom continues to sell untrusted certs. Neither their
> home page nor their announcement page
> mentions that those certs are not
> trusted.
> >
> > Why is this something that Mozilla should be concerned with?
> >
> > "Selling untrusted certs" is not a crime, or a violation of any
> > standard. Mozilla is not the global authority on what certificates may
> > be issued. If StartCom are providing certificates which do not do what
> > their customers expect, I'm sure those customers will let them know
> > about it soon enough.
> What StartCom claims about compatibility is potentially more
> Mozilla-relevant than what they are silent about. At the bottom of their
> front page, it says "StartComâ„¢ / StartSSLâ„¢is supported by:" followed by
> icons. The icons include an early icon for Camino and the SeaMonkey icon.
> Since Camino was discontinued before Mozilla's change in trust in StartCom
> certificates, I guess having Camino there isn't technically incorrect, but
> is about as relevant as having the Flock icon there. However, is it correct
> to have the SeaMonkey icon there? The latest SeaMonkey release seems to
> post-date the Mozilla root program's trust change in StartCom certificates.
> (But then, it seems that there have been a number of Firefox ESR security
> patch releases that post-date the SeaMonkey release. Is SeaMonkey still
> active, despite appearing not to ship Gecko security updates, and does
> SeaMonkey implement the same trust special-casing as Firefox? It seems to
> produce nightlies still.)
> -- 
> Henri Sivonen

It seems like they have removed the icons.
dev-security-policy mailing list

Reply via email to