All,
In this link, https://www.startssl.com/report/StartCom_Remediation_Plan_14102016.pdf, you´ll find the detailed remediation plan for StartCom as was notified last week. It took us some time to have all the people needed for these tasks and clarify the dates for fixing all the possible findings. StartCom considers this plan accurate and enough to the Mozilla community, specially for their users base, to regain and keep the confidence on our capacity as a trusted CA. In the plan you all can see that regarding the PKI system, there are 2 actions based on timing, but always using the current roots, we may rethink, due to the email delivered by Mozilla yesterday, if the mid term solution has to be changed and instead of doing for the current roots, this has to be done for new roots, which would mean a longer delay because would need to almost start from scratch. We´d like to hear from Mozilla in this regard and if so, would allow Startcom some more time. Anyway, this remediation plan is to be executed by all means, but would like to be sure about the mid term solution. Regards
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy