Hi everyone,

As I was in the Bay Area for the Mozilla All Hands, Symantec requested a
face-to-face meeting with Mozilla, which happened last Friday. In
attendance were Tom Ritter, Aaron Wu and I for Mozilla, and the
following people from Symantec (I hope I have the titles right):

* Quentin Liu (Head of Engineering for Website Security)
* Roxane DeVol (General Manager of Website Security)
* Hugh Thomson (CTO of Symantec Corporate)
* Michael Klieman (VP Product Management of Website Security)

Symantec asked for the meeting to update us on their progress in finding
a CA partner or partners to work with them in implementing the consensus
remediation plan, which as you will know involves them passing off
issuance to a third party while they stand up a new PKI on new,
best-practice infrastructure.

We expect Symantec, at the end of this week or early next week, to
publish a document giving their proposal for how they will implement the
plan, including a set of milestone dates with justification for how they
are reached. They will also give some indications of ways the plan might
be modified to alter the dates - e.g. "if we do X instead of Y, we can
do it N weeks faster". After that, we need to get agreement by all the
parties to form of the final plan and some attached dates, and then
Symantec can sign contracts and start executing the plan. We hope to
reach this agreement swiftly.

However, the fly in the ointment is that I am going on holiday for 3
weeks from Friday. I am working occasional days during that time, but I
will be relying on members of this group to be analysing and considering
Symantec's proposal.

dev-security-policy mailing list

Reply via email to