Steve, Thank you for the prompt response, and I am glad this certificate was in fact validated internally by Symantec.
On Tuesday, May 2, 2017 at 6:55:13 PM UTC-4, Steve Medin wrote: > > -----Original Message----- > > From: dev-security-policy [mailto:dev-security-policy- > > bounces+steve_medin=symantec....@lists.mozilla.org] On Behalf Of > > wizard--- via dev-security-policy > > Sent: Tuesday, May 02, 2017 7:10 AM > > To: mozilla-dev-security-pol...@lists.mozilla.org > > Subject: [EXT] Re: Symantec: Draft Proposal > > > > > > Also, in the responses, Symantec claims that MSC Trustgate is no longer an > > RA (but could be a reseller). I did a quick search on crt.sh for recent > > certificates that have supplied by MSC Trustgate: > > > > [link] > > > > Going back to April 2013, this is the *only* "supplied by MSC trustgate" > > certificate in crt.sh that chains off a Symantec root; all others are > > Globalsign. > > Can Symantec confirm that they vetted this (OV) certificate in-house? While > > I > > suppose MSC could supply certs from multiple CAs, I find it odd that > > everything in the logs since April 2013 is Globalsign except this one > > outlier -- > > and am concerned it means there was some mechanism for MSC to issue / > > have issued a cert off a Symantec chain -- and this concerns me given the > > higher nominal level of validation. > > MSC Trustgate is an approved reseller of Symantec certificates. They are no > longer operating as an SSL/TLS RA. This certificate was authenticated and > issued by Symantec after having been properly submitted to us by MSC > Trustgate. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy