Hi Jeremy, Thanks for posting the update. A few notes below, as already shared on the Bugzilla Bug where you also shared this.
On Tue, Jun 26, 2018 at 10:57 AM, Jeremy Rowley via dev-security-policy < [email protected]> wrote: > Key Dates > > . March 2018 - Beginning of phased removal of trust by root > program operators for Symantec TLS certificates issued prior to June 1, > 2016. > > . October 2018 - Full removal of trust of Symantec-issued TLS > certificates by root program operators. > One slight clarification to your dates: The removal is expected to _start_ late June/early July 2018. Thus, by July 2018, all Symantec-issued TLS certificate consumers should have begun transitioning, with the majority having completed the transition. This ensures that, should there be any unforeseen issues, they can have a small window of time to remove those issues. In particular, releases of both Firefox and Chrome are expected, no later than July, which begin distrusting these certificates, with the overall population of versions increasing to 100% by October. Thus, rather than October being a transition date from 0% to 100%, it should be seen as the transition from, say, 50% to 100%. Thus, to avoid breaking 50% of users, sites should be transitioning *now*. If it helps, you can point customers to https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html or https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates/ . For Mozilla, https://wiki.mozilla.org/Release_Management/Calendar gives the calendar - Firefox 63 has begun in Central as of yesterday (i.e. June), with a scheduled Beta date of September 3. > > . By no later than Q2 CY 2019 - Full removal of Symantec-issued > TLS certificates from all major root program operators. > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
