← GlobalSign nv-sa cases
Bugzilla #1347882
Root Update Request
GlobalSign: Remove EV bit from ex-GS roots now owned by GTS
RESOLVED
GlobalSign nv-sa
AI Summary
GlobalSign has transferred two root certificates to Google Trust Services (GTS), which are currently enabled for Extended Validation (EV) treatment. Due to GTS not having an EV audit, it was determined that the EV status should be removed from these roots to prevent misissuance. The plan includes adding a GlobalSign-controlled intermediate to the trust store and revoking the EV status from the transferred roots.
Chronology
- Initial discussion on removing EV status
- Finalized tasks for Mozilla and GlobalSign
- EV treatment removed in Firefox 55
- Case marked for resolution
Participants
Gervase Markham
Kathleen Wilson
Rob
Douglas Beattie
External References
Similar Local Cases
Refresh the GlobalSign Root CA cert (will be EV)
Turn off websites and code signing trust bits for two IdenTrust root certs
Turn off Websites trust bit for OpenTrust and Certplus root certs
Basic Constraint Ext: Proposal: Remove old Entrust 2048 root, add equivalent 2048 intermediate
Enable EV and Turn on Code Signing trust bit for TWCA Root certificate
New EV Policy OID for CFCA EV root
Replace Entrust.net Certification Authority (2048) root certificate
Delete Visa International Root - GP2 and add Visa International Root - InfoDelivery