On 12.03.2018 22:19, Kathleen Wilson via dev-security-policy wrote:
> Wayne and I have posted a Mozilla Security Blog regarding the current
> plan for distrusting the Symantec TLS certs.
> https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates/

Hello Kathleen and Wayne,

the blog post says, the subCAs controlled by Apple and Google are the
ONLY exceptions.

However, the Mozilla Firefox code also treats certain DigiCert subCAs as

Based on Ryan Sleevi's recent comments on this list, I had concluded
that the excluded DigiCert subCAs are used to support companies other
than Apple and Google. Is my understanding right or wrong?

Are Apple and Google really the only beneficials of the exceptions, or
should the blog post get updated to mention the additional exceptions?

dev-security-policy mailing list

Reply via email to