
BlueCoat now has a CA signed by Symantec - bryanmikaelian
https://twitter.com/filosottile/status/735940720931012608
======
pfg
It's a pity Symantec (with all their sub-brands) is used by such a large
number of sites that it's not feasible to simply remove them from the trust
store completely. Between the cases of misissuance, misleading marketing and
their attitude with regards to deprecating unsafe practices and technology, I
have absolutely zero trust in their ability to operate a certificate authority
safely. This is just the final nail in the coffin for me.

~~~
mpnordland
Perhaps there could be an untrust store, for CA's that should not be in the
signing chain.

~~~
scintill76
There is one: [https://blog.filippo.io/untrusting-an-intermediate-ca-on-
os-...](https://blog.filippo.io/untrusting-an-intermediate-ca-on-os-x/)
(linked from tweet) That's OS X, but probably every major trust store can do
this.

