On 28/07/17 07:14, Gervase Markham wrote:
> I would like to make a decision on this matter on or before July 31st,
After listening to the opinions here on m.d.s.p., and consultation
within Mozilla and with our engineering teams, on the matter of when to
distrust various bits of the existing Symantec PKI we have decided to
match the dates proposed by Google for Chrome (within a few weeks; exact
Firefox releases will be determined nearer the time).
This is not the outcome we would have preferred (clearly, as it doesn't
match our earlier proposal) but, given the choice before us, the
benefits of a consistent cross-browser approach have been judged to be
greater than the benefits of Mozilla unilaterally setting an earlier date.
We expect these dates to be hit; we would look dimly on any last-minute
requests to move them. I would also reiterate, in case it becomes
relevant, that any change of control of some or all of Symantec's roots
would not be grounds for a renegotiation of these dates.
We hope that we can now move swiftly to the implementation phase, and
that as it progresses we will see improved levels of security for web
users and improved confidence in the WebPKI. We will be expecting and
looking for exemplary standards of CA best practice from Symantec in
general, and their new PKI in particular, going forward.
dev-security-policy mailing list