AFAIK, BIMI certs are not related to the browser root stores in any way, and aren’t signed by server certificate roots.
Mike On Thu, Jun 27, 2024 at 4:31 PM 'Kurt Seifried' via [email protected] <[email protected]> wrote: > Also do we know what is happening with their VMC root cert? CN = Entrust > Verified Mark Root Certification Authority - VMCR1 which is used for > Verified Mark Certificates aka BIMI logos, and is currently supported in > Gmail? Do we know if Gmail be removing support for Entrust based VMC > certificates and thus BIMI logos done via Entrust? Seeing as how your > choices for buying a BIMI/VMC cert are Entrust (or a reseller) and Digicert > the removal of trust in CN = Entrust Verified Mark Root Certification > Authority - VMCR1 will basically break most BIMI logos in any email > platform that supports BIMI and decides to remove Entrust.. > > Example: > > $ wget https://bimi.entrust.net/cloudsecurityalliance.org/certchain.pem > $ while openssl x509 -noout -text; do :; done < certchain.pem > > And for additional context on who uses Entrust: > https://bimiradar.com/glob#logos > > -- > Kurt Seifried (He/Him) > [email protected] > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CABqVa39KCFVyaMWOfMR%3Dc%3DskCK8byzjmX6unva0RCLe8Z_5uWA%40mail.gmail.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CABqVa39KCFVyaMWOfMR%3Dc%3DskCK8byzjmX6unva0RCLe8Z_5uWA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CADQzZqv%2B1gUHKEKcCMDX1M6XOGntVeJ2fZD6pr0HUM%3D_KnZYuQ%40mail.gmail.com.
