[tbb-dev] Symantec CA
Georg Koppen
gk at torproject.org
Mon May 30 09:31:20 UTC 2016
Jeff Burdges:
>
> Apologies if this is kinda a dumb question.
>
> Symantec has some issues as a CA :
> http://www.tomshardware.com/news/google-removes-symantec-root-certificate,30742.html
> https://blog.filippo.io/untrusting-an-intermediate-ca-on-os-x/
>
> I cannot find any certificates by them in either Iceweasel or TBB. Yet,
> neither can I find any negative news articles on their status with
> Mozilla.
>
> Were they excluded in the past for seeming untrustworthy? Or are they
> valid but not showing up for some other reason?
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/UxQFqe9us90
should have the answer for you. Both to the things raised in the Tom's
hardware post and the more general question. Oh, and the original Google
blog post
(https://security.googleblog.com/2015/12/proactive-measures-in-digital.html)
has the answer, too: The root cert is *operated* by Symantec but this
and others are not from them:
Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Georg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20160530/540c5396/attachment.sig>
More information about the tbb-dev
mailing list