On 22/10/16 20:41, Peter Bowen wrote: > According to the wiki, Asseco Certum has cross-signed at least one of > these roots. Is it expected that Certum will take any action, or do > the above changes mean that Certum's cross-sign of WoSign will be > considered to not exist for the purpose of Mozilla policy?
Certum are aware of the situation and may have their own comments to make. But it is certainly not Mozilla's intention to allow our policy decisions to be circumvented by cross-signing. (This is not saying that Certum's intent was to do this!) Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
