All,
We are planning to start the next batch of root changes this week. The
last batch of root changes was done in October. Usually we try to do a
batch of root changes about every 3 months, but we postponed the set of
changes for January due to other priorities.
The list of changes that have already been discussed and approved is here:
https://wiki.mozilla.org/CA:Schedule#Requests_in_the_Inclusion_Phase
In addition to those changes, we plan to do some cleanup of older roots
as follows.
https://bugzilla.mozilla.org/show_bug.cgi?id=841968
Symantec has requested that we remove the Equifax CA 2 root cert.
Friendly Name: Equifax Secure eBusiness CA 2
OU = Equifax Secure eBusiness CA-2
SHA1 Fingerprint:
39:4F:F6:85:0B:06:BE:52:E5:18:56:CC:10:E1:80:E8:82:B3:85:CC
https://bugzilla.mozilla.org/show_bug.cgi?id=847604
IdenTrust has requested that we turn off the websites and code signing
trust bits for two root certs.
Only the email trust bit should be enabled for both of these root certs.
Friendly name: Digital Signature Trust Co. Global CA 1
OU = DSTCA E1
O = Digital Signature Trust Co.
SHA1 Fingerprint:
81:96:8B:3A:EF:1C:DC:70:F5:FA:32:69:C2:92:A3:63:5B:D1:23:D3
Friendly name: Digital Signature Trust Co. Global CA 3
OU = DSTCA E2
O = Digital Signature Trust Co.
SHA1 Fingerprint:AB:48:F3:33:DB:04:AB:B9:C0:72:DA:5B:0C:C1:D0:57:F0:36:9B:46
https://bugzilla.mozilla.org/show_bug.cgi?id=850740
Symantec has requested that we turn off all three trust bits for �TC
TrustCenter Universal CA III� root cert, because it is not being used yet.
CN = TC TrustCenter Universal CA III
OU = TC TrustCenter Universal CA
O = TC TrustCenter GmbH
SHA1 Fingerprint:
96:56:CD:7B:57:96:98:95:D0:E1:41:46:68:06:FB:B8:C6:11:06:87
Please reply in this discussion if you have any concerns about these
three clean-up bugs.
Thanks,
Kathleen