And I think we should remove the old StartCom root certs from NSS.
Reference:
https://wiki.mozilla.org/CA/Additional_Trust_Changes#StartCom
~~
Mozilla currently recommends not trusting any certificates issued by this CA
after October 21st, 2016. That recommendation covers the following roots:
CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing,
O=StartCom Ltd., C=IL
CN=StartCom Certification Authority G2, OU=null, O=StartCom Ltd., C=IL
This restriction has been implemented in both in the Mozilla platform security
code (PSM), which is shared by the Mozilla applications (Firefox, Thunderbird,
etc.), and in addition, in the NSS library code, which is used by applications
that use the NSS certificate verification APIs.
~~
Please let me know if you foresee any problems with removing these root certs
from NSS.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
