On Wednesday, 13 April 2016 21:39:48 UTC+1, Kathleen Wilson wrote:
> I have added links to reports of the responses to the March 2016 CA 
> Communication survey:
> 
> https://wiki.mozilla.org/CA:Communications#March_2016_Responses

Thanks Kathleen,

I have compared the list of responses to the list of included CAs also driven 
by Salesforce, and there is a considerable discrepancy. First pass of "missing" 
responses is:

Certicámara S.A.
China Financial Certification Authority (CFCA)
Cybertrust Japan / JCSI
Deutscher Sparkassen Verlag GmbH (S-TRUST, DSV-Gruppe)
Government of France (ANSSI, DCSSI)
Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM)
RSA the Security Division of EMC
Start Commercial (StartCom) Ltd.
SwissSign AG
Trend Micro
Visa
Web.com

Probably some of these can be explained away as renames or acquisitions; I'd 
appreciate it if Kathleen or the CA owners point out any examples of that 
above. Perhaps also a few more responses will trickle in late over this weekend.

If in fact no response was received then immediately it doesn't make any sense 
to continue processing applications to add roots or increase trust for the 
organisations that haven't responded, purely as an anti-exploitation measure. 
Longer term it may even make sense to simply remove all trust for roots 
operated by these CAs, perhaps after a reminder / warning.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy