We've never had a situation like this, partly due to the fact there are only two VMC sellers, Entrust and Digicert (as I understand it everyone else selling these is a reseller). But I can't see why the issues at Entrust would be restricted to their web cert business and not the VMC business (which are virtually identical products/processes). And thus I can't imagine why the rest of Google wouldn't remove their trust in Entrust as well.
On Thu, Jun 27, 2024 at 2:47 PM Mike Shaver <[email protected]> wrote: > AFAIK, BIMI certs are not related to the browser root stores in any way, > and aren’t signed by server certificate roots. > > Mike > > On Thu, Jun 27, 2024 at 4:31 PM 'Kurt Seifried' via > [email protected] <[email protected]> wrote: > >> Also do we know what is happening with their VMC root cert? CN = Entrust >> Verified Mark Root Certification Authority - VMCR1 which is used for >> Verified Mark Certificates aka BIMI logos, and is currently supported in >> Gmail? Do we know if Gmail be removing support for Entrust based VMC >> certificates and thus BIMI logos done via Entrust? Seeing as how your >> choices for buying a BIMI/VMC cert are Entrust (or a reseller) and Digicert >> the removal of trust in CN = Entrust Verified Mark Root Certification >> Authority - VMCR1 will basically break most BIMI logos in any email >> platform that supports BIMI and decides to remove Entrust.. >> >> Example: >> >> $ wget https://bimi.entrust.net/cloudsecurityalliance.org/certchain.pem >> $ while openssl x509 -noout -text; do :; done < certchain.pem >> >> And for additional context on who uses Entrust: >> https://bimiradar.com/glob#logos >> >> -- >> Kurt Seifried (He/Him) >> [email protected] >> >> -- >> You received this message because you are subscribed to the Google Groups >> "[email protected]" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CABqVa39KCFVyaMWOfMR%3Dc%3DskCK8byzjmX6unva0RCLe8Z_5uWA%40mail.gmail.com >> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CABqVa39KCFVyaMWOfMR%3Dc%3DskCK8byzjmX6unva0RCLe8Z_5uWA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- Kurt Seifried (He/Him) [email protected] -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CABqVa38gVQP%2BO%2BL11G%2BrObdYWbMFcV_bkT%3DAVGAMNnkXyFtiAQ%40mail.gmail.com.
