I also think we should remove the old WoSign root certs from NSS.
Reference:
https://wiki.mozilla.org/CA/Additional_Trust_Changes#WoSign
~~
Mozilla currently recommends not trusting any certificates issued by this CA
after October 21st, 2016. That recommendation covers the following roots:
CN=CA 沃通根证书, OU=null, O=WoSign CA Limited, C=CN
CN=Certification Authority of WoSign, OU=null, O=WoSign CA Limited, C=CN
CN=Certification Authority of WoSign G2, OU=null, O=WoSign CA Limited, C=CN
CN=CA WoSign ECC Root, OU=null, O=WoSign CA Limited, C=CN
This restriction has been implemented in both in the Mozilla platform security
code (PSM), which is shared by the Mozilla applications (Firefox, Thunderbird,
etc.), and in addition, in the NSS library code, which is used by applications
that use the NSS certificate verification APIs.
~~
Please let me know if you foresee any problems with removing these root certs
from NSS.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
