On 28/07/17 07:14, Gervase Markham wrote: > I would like to make a decision on this matter on or before July 31st,
After listening to the opinions here on m.d.s.p., and consultation within Mozilla and with our engineering teams, on the matter of when to distrust various bits of the existing Symantec PKI we have decided to match the dates proposed by Google for Chrome (within a few weeks; exact Firefox releases will be determined nearer the time). This is not the outcome we would have preferred (clearly, as it doesn't match our earlier proposal) but, given the choice before us, the benefits of a consistent cross-browser approach have been judged to be greater than the benefits of Mozilla unilaterally setting an earlier date. We expect these dates to be hit; we would look dimly on any last-minute requests to move them. I would also reiterate, in case it becomes relevant, that any change of control of some or all of Symantec's roots would not be grounds for a renegotiation of these dates. We hope that we can now move swiftly to the implementation phase, and that as it progresses we will see improved levels of security for web users and improved confidence in the WebPKI. We will be expecting and looking for exemplary standards of CA best practice from Symantec in general, and their new PKI in particular, going forward. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy