On 07/10/16 12:12, Gervase Markham wrote: > Mozilla is minded to agree that it is reasonable to at least consider > the two companies separately, although that does not preclude the > possibility that we might decide to take the same action for both of > them. Accordingly, Mozilla continues to await the full remediation plan > from StartCom so as to have a full picture. However, I think we can work > towards a conclusion for WoSign now.
My view is simple: notwithstanding the dismissal of Richard Wang, I am not confident in the robustness of WoSign's technology or that it has an appropriate culture of security, and think that the measures outlined previously continue to be appropriate for the roots that they control. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
