Hi Jeremy,

Thanks for posting the update. A few notes below, as already shared on the
Bugzilla Bug where you also shared this.

On Tue, Jun 26, 2018 at 10:57 AM, Jeremy Rowley via dev-security-policy <
dev-secur...@lists.mozilla.org> wrote:
> Key Dates
>
> * March 2018 - Beginning of phased removal of trust by root
>   program operators for Symantec TLS certificates issued prior to June 1,
>   2016.
>
> * October 2018 - Full removal of trust of Symantec-issued TLS
>   certificates by root program operators.
>

One slight clarification to your dates: The removal is expected to _start_
late June/early July 2018.

Thus, by July 2018, all Symantec-issued TLS certificate consumers should
have begun transitioning, with the majority having completed the
transition. This ensures that, should there be any unforeseen issues, they
can have a small window of time to remove those issues.

In particular, releases of both Firefox and Chrome are expected, no later
than July, which begin distrusting these certificates, with the overall
population of versions increasing to 100% by October. Thus, rather than
October being a transition date from 0% to 100%, it should be seen as the
transition from, say, 50% to 100%. Thus, to avoid breaking 50% of users,
sites should be transitioning *now*.

If it helps, you can point customers to
https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html
or
https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates/
. For Mozilla,
https://wiki.mozilla.org/Release_Management/Calendar gives
the calendar - Firefox 63 has begun in Central as of yesterday (i.e. June),
with a scheduled Beta date of September 3.