On 13.03.2018 15:59, Peter Bowen wrote: >> >> Which companies, other than Apple and Google, benefit from DigiCert >> running the Manager Partner Infrastructure and from DigiCert being part >> of the exclusion list? > > An unlimited set. Any company who purchases a certificate from > DigiCert that is issued by one of the Managed Partner Infrastructure > CAs benefits.
Thank you very much for this helpful statement. I understand that previously, the trust of DigiCert Partner CAs was enabled by signing from Symantec CAs. Because the keys of the managed partner CAs were never controlled by Symantec, it is deemed acceptable to allow these to remain trusted. My conclusion is, the blog post is incomplete. IIUC, the blog post should be updated to add DigiCert as another entity controlling subordinate CAs on the exception list. It might be worth to mention in the article, why the exception for these subordinate CAs is deemed acceptable. IMHO, it is important to highlight that Apple and Google aren't the only entities that own certificates that will remain valid under the Symantec hierarchy. Thanks Kai _______________________________________________ dev-security-policy mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-security-policy