[cabfpub] LV Certificates

Rob Stradling rob.stradling at comodo.com
Mon Dec 21 07:11:37 MST 2015


On 19/12/15, Eric Mill wrote:
<snip>
> For example: some CAs are removing previously publicly trusted root
> certificates from browser trust stores, apparently (at least in part) to
> continue issuing SHA-1 certificates to customers who have clients whose
> trust stores will continue to include those root certificates.
>
> So, the segment of LV's target audience whose constraint is that they
> aren't in a position to upgrade their browser or OS may be an excellent
> candidate for certificates issued from these roots, since presumably their
> trust store is also not receiving upgrades.
>
> The finite number of ex-publicly-trusted roots that can offer this service
> doesn't make this a very liquid market, but since we're trying to mitigate
> a hopefully temporary situation, this seems like a better direction to go
> than introducing a new certificate class into the global CA system.

Comodo intends to continue issuing SHA-1 certs that chain to our
"UTN - DATACorp SGC" root, which we have been removing from browser root
stores during Q4 2015.

It looks like Symantec are doing the same:
https://googleonlinesecurity.blogspot.co.uk/2015/12/proactive-measures-in-digital.html

I don't yet see any "LV" needs that can't be met by the above.

What am I missing?

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online


