Symantec logs TLS server certificates that are intended to be trusted by Chrome to Certificate Transparency logs. Symantec does not systematically log other certificate types to CT, including Class 1, Class 2 and other types of user certificates.
The Adobe Approved Trust List intermediate CA does not issue TLS certificates. This subCA issues Adobe document digital signature certificates that identify people and organizations and as such they are not systematically included in CT logging.

See also:
https://helpx.adobe.com/acrobat/kb/approved-trust-list2.html
https://helpx.adobe.com/acrobat/kb/approved-trust-list2/_jcr_content/main-pars/download-section/download-1/file.res/aatl_technical_requirements_v14.pdf

From: Alex Gaynor [mailto:agay...@mozilla.com]
Sent: Friday, May 05, 2017 10:18 AM
To: Steve Medin <steve_me...@symantec.com>
Cc: Gervase Markham <g...@mozilla.org>; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: [EXT] Symantec: Draft Proposal

To ask a substantive question, you have asserted that all certificates issued have been logged to CT; this Symantec CA currently has no publicly logged issued certificates: https://crt.sh/?sha256=68a9878d55ad42107cfeb758e34873686969b0a47c7468fb189991acb62da798&opt=mozilladisclosure. Can you confirm that this CA has _never_ been used to issue a certificate? (There are several other similar Symantec intermediates for which there are no publicly logged certs about which I have the same question).
_______________________________________________ dev-security-policy mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-security-policy