In this link,
find the detailed remediation plan for StartCom as was notified last week. It
took us some time to have all the people needed for these tasks and clarify the
dates for fixing all the possible findings.
StartCom considers this plan accurate and enough to the Mozilla community,
specially for their users base, to regain and keep the confidence on our
capacity as a trusted CA.
In the plan you all can see that regarding the PKI system, there are 2 actions
based on timing, but always using the current roots, we may rethink, due to the
email delivered by Mozilla yesterday, if the mid term solution has to be
changed and instead of doing for the current roots, this has to be done for new
roots, which would mean a longer delay because would need to almost start from
We´d like to hear from Mozilla in this regard and if so, would allow Startcom
some more time.
Anyway, this remediation plan is to be executed by all means, but would like to
be sure about the mid term solution.
StartCom CA limited
dev-security-policy mailing list