Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925
edits
CA/Symantec Issues: Difference between revisions
Jump to navigation
Jump to search
Update Issue Y
(Add Issue Y) |
(Update Issue Y) |
||
| Line 335: | Line 335: | ||
Both intermediates are disclosed in Salesforce, and both have 15 or so also-disclosed sub-CAs which seem to be specific to particular companies. The audit associated with both of them in Salesforce is [https://www.symantec.com/content/en/us/about/media/repository/symantec_nfssp_wtca_5_13_2016.pdf this one] from May 2016, but that audit document does not list the intermediate CAs that it covers. It's from Symantec's 2015 set of audits (i.e. the set before the current one). The most recent audit which covers the VeriSign Universal Root Certification Authority is [https://www.symantec.com/content/en/us/about/media/repository/18_Symantec_STN_WTCA_period_end_11-30-2016.pdf this one], but these certificates are not on the accompanying list of intermediates. There seems to be no 2016 version of the "Symantec Non-Federal Shared Service Provider WTCA" audit in the list for 2016 in the Symantec [https://www.symantec.com/about/legal/repository.jsp?tab=Tab3 document repository]. | Both intermediates are disclosed in Salesforce, and both have 15 or so also-disclosed sub-CAs which seem to be specific to particular companies. The audit associated with both of them in Salesforce is [https://www.symantec.com/content/en/us/about/media/repository/symantec_nfssp_wtca_5_13_2016.pdf this one] from May 2016, but that audit document does not list the intermediate CAs that it covers. It's from Symantec's 2015 set of audits (i.e. the set before the current one). The most recent audit which covers the VeriSign Universal Root Certification Authority is [https://www.symantec.com/content/en/us/about/media/repository/18_Symantec_STN_WTCA_period_end_11-30-2016.pdf this one], but these certificates are not on the accompanying list of intermediates. There seems to be no 2016 version of the "Symantec Non-Federal Shared Service Provider WTCA" audit in the list for 2016 in the Symantec [https://www.symantec.com/about/legal/repository.jsp?tab=Tab3 document repository]. | ||
As far as we can tell, these intermediates are unconstrained, unrevoked and fully capable of issuing server authentication certificates which are trusted by Mozilla browsers. | As far as we can tell, these intermediates are unconstrained, unrevoked and fully capable of issuing server authentication certificates which are trusted by Mozilla browsers. They appear to be related to the US Federal Bridge PKI (see Issue L). | ||
===Symantec Response=== | ===Symantec Response=== | ||
Symantec has not yet responded to this issue. | Symantec has not yet responded to this issue. | ||