On Monday, September 12, 2016 at 6:14:34 PM UTC-7, Richard Wang wrote: > Please don't mix StartCom with WoSign case, StartCom is 100% independent at > 2015. > > Even now, it still independent in the system, in the validation team and > management team, we share the CRL/OCSP distribution resource only.
There is ample, growing, and unaddressed evidence suggesting otherwise. However, for purposes of this thread, and this discussion, and based upon the evidence shared thus far (and presumably, more to come), and based on your current set of responses, it seems reasonable that Relying Parties be concerned about ensuring solutions address both CAs, if people conclude they are the same and as the evidence clearly supports, since we can assume a solution that addresses both will, however imperfectly or suboptimally, also be able to address one in individual. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
