On 15/05/17 22:08, Michael Casadevall wrote: > RA & EV: > Were all the certificates issued by the RAs uploaded to a CT log? If > not, what, if any, subsets were uploaded? > > I'm aware Symantec was required to upload certificates to CT or if it > was retroactive, but I'm unsure if that requirement was extended to the RAs.
Google required Symantec to do this after a date in mid-2016. I would assume it extended to the RAs because otherwise their new certs would not be trusted in Chrome. There was no requirement on Symantec to CT-log all their previous certificates, either issued by themselves or their RAs. > I'm not sure if the green bar requires OIDs in all points along the > certificate chain or if this Florida CA could have issued an leaf > certificate by adding the OIDs there. It only requires the OID in the leaf. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy