On 13.03.2018 15:59, Peter Bowen wrote:
>>
>> Which companies, other than Apple and Google, benefit from DigiCert
>> running the Managed Partner Infrastructure and from DigiCert being part
>> of the exclusion list?
> 
> An unlimited set.  Any company who purchases a certificate from
> DigiCert that is issued by one of the Managed Partner Infrastructure
> CAs benefits.

Thank you very much for this helpful statement.

I understand that previously, the trust of DigiCert Partner CAs was
enabled by signing from Symantec CAs.

Because the keys of the managed partner CAs were never controlled by
Symantec, it is deemed acceptable to allow these to remain trusted.

My conclusion is, the blog post is incomplete.

IIUC, the blog post should be updated to add DigiCert as another entity
controlling subordinate CAs on the exception list.

It might be worth mentioning in the article why the exception for these
subordinate CAs is deemed acceptable.

IMHO, it is important to highlight that Apple and Google aren't the only
entities that own certificates that will remain valid under the Symantec
hierarchy.

Thanks
Kai
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
