CA/Symantec Issues: Difference between revisions

Jump to navigation Jump to search

CA/Symantec Issues (view source)

Revision as of 14:01, 13 April 2017

117 bytes added ,  13 April 2017
Update timeline for issue L
(Update Issue L)
(Update timeline for issue L)
Line 135: Line 135:
===Symantec Response===
===Symantec Response===


When this was drawn to their attention, Symantec [https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/0wSUJKnH5MY/OAJD-tWBAAAJ did not revoke] the cross-sign certificate under discussion, instead allowing it to expire (less than a month later).
After this was drawn to their attention, Symantec [https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/0wSUJKnH5MY/OAJD-tWBAAAJ did not revoke] the cross-sign certificate under discussion, instead allowing it to expire. (By contrast, Identrust revoked their similar cross-signature in mid-late February, a week or so after being notified of the issue by Mozilla.)


Symantec [https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/KKqGmzQIOno claim] that the problem is with browsers not processing certificate policy extensions which are used within the FPKI. When they realised the problem, they negotiated with the FPKI to allow the relevant cross-cert to expire rather than renewing it.
Symantec [https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/KKqGmzQIOno claim] that the problem is with browsers not processing certificate policy extensions which are used within the FPKI. When they realised the problem, they negotiated with the FPKI to allow the relevant cross-cert to expire rather than renewing it.


===Further Comments and Conclusions===
===Further Comments and Conclusions===
Gerv
Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1168260"

Navigation menu