Simple fix: submit patches to Mozilla, Chromium, etc. to remove Symantec root.
Replying to @FiloSottile
I know it's not simple and very controversial, which is kind of the point of submitting such a patch.
1 reply 0 retweets 2 likes -
Replying to @RichFelker @FiloSottile
A bug report & proposed patch force them to try to justify keeping a rogue root CA, subjects them to public scrutiny.
1 reply 2 retweets 1 like -
Replying to @RichFelker
to be fair, it's not rogue. It's just a shady *organization*. But there's no proof of bad faith for that cert.
2 replies 0 retweets 0 likes -
Replying to @FiloSottile @RichFelker
there are reporting requirements, right? afair symantec has to inform mozilla if they issue new subCAs. did they?
1 reply 0 retweets 2 likes -
Replying to @FiloSottile @RichFelker
to which question did you answer? :-) yep, there are requirements or yep, they reported it?
1 reply 0 retweets 1 like -
Replying to @hanno @RichFelker
I might have pushed Twitter brevity too far ;) yep they reported it
2 replies 0 retweets 0 likes -
Replying to @FiloSottile @RichFelker
ok, so for now no policy violation. just another shady CA (we already have some of them).
2 replies 0 retweets 2 likes
And how is it not a policy violation to sign a subCA that's not bound by any of the policy you're bound by??