Dear Ryan, with all due respect and we do respect you, back in 2016 all the 
issues you mentioned were about the CPS and were corrected.
It took us a lot to create the documentation you've asked for.
There was no mentioning of any kind about our CA software or anything about the 
root itself.
We believe that by solving all the problems that you've rose  - we have shown 
integrity and that we are trustworthy and we expected to hear a minor good word 
about accomplishing the correction you've asked for including creating a 
complete new CPS, which have costed us a lot of time.
We initiated out of our own integrity the new CA environment  (nobody forced us 
to do so), and created already the new CA environment and one of our 
considerations was to use a trusted company like MS and not a relatively small 
vendor of CA. We knew they have some functionality disadvantages in their 
software but we hope they will correct it.
As mentioned – we do agree that we need to switch our CA software ASAP and we 
are doing so and make progress every day. We did all the corrections you've 
asked for. If not – please point them out.
You now, after we did everything you've asked for, put dark shadow, over our 
trust and we do not see why. The only real point now is that we've used and 
still are using a software that must be replaced ASAP.
Bear in mind please that we cannot switch in one day because we need the 
approval of the government to every step we plan.
In conclusion, we don’t see any trust problems regarding Comsign itself and\or 
this particular root.
We still ask that this root will be approved on the new MS-CA when we switch to 
it, and we see no need to decline our request as long as we continue to comply 
with the BR and issue on a trusted CA software.
dev-security-policy mailing list

Reply via email to