On 29/07/17 09:29, Nick Lamb wrote: > So I will expend my effort instead on pressing for Mozilla to handle > final distrust of the old Symantec CA roots in its usual fashion and > explicitly _not_ do as Symantec asked in leaving it enabled in the > NSS trust set we know is relied upon (whether wisely or not) by lots > of things other than web browsers.
In accordance with the principles set down in messages in this group earlier in the process, the plan is to make the NSS trust store reflect, as closely as we can given its limited ability to encode arbitrarily complex decisions, the trust decisions made by Mozilla. Therefore, if Mozilla no longer trusts a root, it will not appear in the NSS trust store. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
