In this link,, you´ll 
find the detailed remediation plan for StartCom as was notified last week. It 
took us some time to have all the people needed for these tasks and clarify the 
dates for fixing all the possible findings.

StartCom considers this plan accurate and enough to the Mozilla community, 
specially for their users base, to regain and keep the confidence on our 
capacity as a trusted CA.

In the plan you all can see that regarding the PKI system, there are 2 actions 
based on timing, but always using the current roots, we may rethink, due to the 
email delivered by Mozilla yesterday, if the mid term solution has to be 
changed and instead of doing for the current roots, this has to be done for new 
roots, which would mean a longer delay because would need to almost start from 

We´d like to hear from Mozilla in this regard and if so, would allow Startcom 
some more time.

Anyway, this remediation plan is to be executed by all means, but would like to 
be sure about the mid term solution.


Iñigo Barreira


StartCom CA limited

dev-security-policy mailing list

Reply via email to