On 07/06/17 22:30, Jakob Bohm wrote: > Potential clarification: By "New PKI", Mozilla apparently refers to the > "Managed CAs", "Transition to a New Symantec PKI" and related parts of > the plan, not to the "new roots" for the "modernized platform" / "new > infrastructure".
I expect those things to be interlinked; by "New PKI" I was referring to them both. Symantec has not yet stated how they plan to structure their new arrangements, but I would expect that the intermediate certs run by the managed CAs would in some way become part of Symantec's new PKI, operated by them, once it was up and running. Ryan laid out a way Symantec could structure this on blink-dev, I believe, but the final structure is up to them. > Potential clarification: Mozilla's #3 requirement applies to both the > "new PKI" and the "new roots" for the "new infrastructure". Yes, I suppose so, although I would expect such an extra-detailed audit to be done on the new infrastructure rather than on the Managed CA infrastructure which is owned by another CA. Gerv _______________________________________________ dev-security-policy mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-security-policy