Dear Ryan, with all due respect and we do respect you, back in 2016 all the
issues you mentioned were about the CPS and were corrected.
It took us a lot to create the documentation you've asked for.
There was no mention of any kind about our CA software or anything about the
root itself.
We believe that by solving all the problems that you've raised - we have shown
integrity and that we are trustworthy and we expected to hear a minor good word
about accomplishing the correction you've asked for including creating a
complete new CPS, which has cost us a lot of time.
We initiated out of our own integrity the new CA environment (nobody forced us
to do so), and created already the new CA environment and one of our
considerations was to use a trusted company like MS and not a relatively small
vendor of CA. We knew they have some functionality disadvantages in their
software but we hope they will correct it.
As mentioned – we do agree that we need to switch our CA software ASAP and we
are doing so and make progress every day. We did all the corrections you've
asked for. If not – please point them out.
You now, after we did everything you've asked for, put a dark shadow over our
trust and we do not see why. The only real point now is that we've used and
still are using a software that must be replaced ASAP.
Bear in mind please that we cannot switch in one day because we need the
approval of the government for every step we plan.
In conclusion, we don't see any trust problems regarding Comsign itself and/or
this particular root.
We still ask that this root will be approved on the new MS-CA when we switch to
it, and we see no need to decline our request as long as we continue to comply
with the BR and issue on a trusted CA software.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy