Hi Daniel, On 02/11/16 14:11, Itzhak Daniel wrote: > Interesting that Comodo and DigiCert are getting a different > treatment,
As far as the DigiCert certs go, it is far too early to have an opinion on what Mozilla is or isn't doing. And let us remember, the WoSign incident involved multiple instances of flat-out lying to Mozilla. I would expect non-lying CAs to get a different treatment from lying ones. > I wonder if WoSign/StartCom had ignored Mozilla Security > Community at some degree, the same way Comodo and DigiCert are doing, > would it saved them. I'm not sure what you mean by "ignoring Mozilla Security Community". I am happy with the level of communication by Comodo about their incident. DigiCert are still working on theirs. (As are the Government of Spain and DocuSign.) Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
