Eddy Nigg wrote: >> So IMO you get points for prompt disclosure and fixes, but in the end >> you messed up just like Comodo and CertStar did. > > Nonono :-) > > I see the main differences as followed and I believe the main > differences are policy wise (and allow me to comment on this since you > made the comparison).
Eddy: I don't think Frank is saying that you made the _same_ mistakes as CertStar (out-sourcing validation etc. etc.), but that you made _a_mistake_, just like they did. He then goes on to make the point that making a mistake is not the end of the world. Gerv -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto