Also do we know what is happening with their VMC root cert? CN = Entrust Verified Mark Root Certification Authority - VMCR1 which is used for Verified Mark Certificates aka BIMI logos, and is currently supported in Gmail? Do we know if Gmail be removing support for Entrust based VMC certificates and thus BIMI logos done via Entrust? Seeing as how your choices for buying a BIMI/VMC cert are Entrust (or a reseller) and Digicert the removal of trust in CN = Entrust Verified Mark Root Certification Authority - VMCR1 will basically break most BIMI logos in any email platform that supports BIMI and decides to remove Entrust..
Example: $ wget https://bimi.entrust.net/cloudsecurityalliance.org/certchain.pem $ while openssl x509 -noout -text; do :; done < certchain.pem And for additional context on who uses Entrust: https://bimiradar.com/glob#logos -- Kurt Seifried (He/Him) [email protected] -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CABqVa39KCFVyaMWOfMR%3Dc%3DskCK8byzjmX6unva0RCLe8Z_5uWA%40mail.gmail.com.
