On Sat, Jan 5, 2013 at 4:23 PM, Jeffrey Walton <noloa...@gmail.com> wrote: > On Sat, Jan 5, 2013 at 3:59 PM, Ryan Hurst <ryan.hu...@globalsign.com> wrote: >> .... > In the future, we won't need their honesty. Or the 'honesty' they want > use to perceive. > > .... > > Did anyone really think a CA would risk a multimillion dollar business? > Did anything ever emerge about the pre-blog deal?
I suspect Mozilla/Trustwave transpired as follows: (1) Trustwave issues certificate(s), violates agreements (2) Trustwave realizes they are exposed to risk that could result in reputational and financial loss (3) Trustwave legal engages Mozilla (4) A deal is brokered (5) After the deal was executed, Trustwave blogged about the incident. Everything Trustwave and Mozilla did [publicly] was likely a dog and pony show to alter our perception of reality. The outcome was already known and fixed. Otherwise, Trustwave lawyers would never have agreed to the deal, and the blog never would have occurred. Mozilla had to play dumb to ensure it did not suffer reputational loss; or jeopardize their relationship with Google, which could have resulted in significant financial loss. That also explains why the safety net failed. Jeff _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography