-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello,
Am 04/28/2014 09:20 PM, schrieb Eddy Nigg: > On 04/28/2014 05:53 AM, Eric Mill wrote: >> I appreciate how diligent you're being about responding to >> everyone. And, as I've said elsewhere, I haven't believed that >> there's an ethical problem with offering free certs with paid >> revocations as a general business practice. > > OK > >> Resist generalizing: would offering a one-time free revocation >> for any domain whose owner says the word "Heartbleed" be feasible >> *right now* for Startcom? Could Startcom get through it okay? > > I don't think so, not without a financial loss, which we would have > to cover from somewhere else. A change to the business model [...] well... sadly, I don't think that were actually making any progress in this discussion. The positions seem to be fixed and there hardly any new arguments provided. Thus I vote for a resolution. @[email protected] - I _really_ think that we need an qualified / official statement by Mozilla. Please provide it asap - or - give an estimation on a certain time frame: Does StartSSL violate Mozilla's policies by not revoking certificates assumed to be compromised? (Compromised, due to heartbleed, not revoked, because of non-paying subscribers?) If yes: Is StartSSL still considered to be trustworthy, aka shipped the truststore? (This is why I CC'ed [email protected]) Thanks in advance, Jan Luehr -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTXsJ/AAoJEBbh0SAKTJyukM0QAJRZyplHDmeXwsJanL2WTXSJ WyxEWPiuFrPeVuwExX/Suh+nnWW6Iy6rAOszKK4J7DO87zJ4XypFwPbPZE+Yi7G0 auvyVYt8ZN9WOjs8r97ikfRTZVFtsDQlmhEgZqa0n6bxn7KblxyrHki/3DZli21e X4udPCeJPuBZFy60IjSaoJoD5/cADxIDyFOhWGKBACRp4kPXsrDOv6znS248iBDV Be7ygi45RnnKbX+mQN4I7qM0aMOxA8YRVASgA4DD2/nMBCSMMsaAN9bZw83Lre9N dRfsvfnioMwdS/y4WWZzPS7KrbTG+SoWjz2FRRrNiMSNi6SW9NwZVK8jWD44eQSm X3nfvnp3pPMDFfgd5gwZVk9VL2M84E7rOoQyj6XE5qWRozGLhs3K84tO3gHj80NP cuPz8Qiktt0q+RpnS6ecZlre/0MiWO7ljcBI26cLadQMGKQJRnV1161gZLQd8oEf GOsaKunetgvq6O10hHmaSRq9ARWmoHl1Mgd6rNwcOrn9bRxTiCNHq3vbAjPkm8RD Ju4d26GdOLjXtEX6yYIlrOgtZUydhK1wOVq6w1gKxxgxJgwKJA9u+grpQHG1v8lP fHW1mHWBs6bRPeHqT55k30Obz+o9diDA8WV8qdGB/VOX+OEY0i1I+XSpR6S3PH79 e58C/Am59x9UP5Gr/2/m =LIfE -----END PGP SIGNATURE----- _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
