On Mon, December 9, 2013 1:03 pm, Eddy Nigg wrote: > On 12/09/2013 08:09 PM, From Kathleen Wilson: > > On 12/9/13 9:42 AM, Kathleen Wilson wrote: > >> Mozilla Security Blog post: > >> > >> https://blog.mozilla.org/security/2013/12/09/revoking-trust-in-one-anssi-certificate/ > >> > >> > >> > >> Google's blog post: > >> http://googleonlinesecurity.blogspot.com/2013/12/further-improving-digital-certificate.html > >> > >> > >> > >> The CA's public statement: > >> http://www.ssi.gouv.fr/fr/menu/actualites/suppression-d-une-branche-de-l-igc-a.html > >> > >> > >> http://www.ssi.gouv.fr/en/the-anssi/events/revocation-of-an-igc-a-branch-808.html > >> > >> > > > > Microsoft's security advisory: > > http://technet.microsoft.com/en-us/security/advisory/2916652 > > > > Opera's security blog post: > > http://blogs.opera.com/security/2013/12/certificate-update/ > > > > > > Well well....any actions applied upon the CA to improve controls in > order to prevent another such occurrence? Is this CA compliant to the BR > and Mozilla's CA policy and requirements? Any bug to track that? > > -- > Regards > > Signer: Eddy Nigg, StartCom Ltd. > XMPP: [email protected] > Blog: http://blog.startcom.org/ > Twitter: http://twitter.com/eddy_nigg >
According to https://wiki.mozilla.org/CA:Communications#January_10.2C_2013 (see the Responses section), this CA has indicated that they do not expect to begin operating in full compliance to the Baseline Requirements and to Mozilla's 2.1 Inclusion Policy until Dec 2015/January 2016. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
