On Tue, Oct 23, 2018 at 1:46 PM David E. Ross via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> On 10/23/2018 11:45 AM, Wayne Thayer wrote: > > I believe that the discussion over Certigna's reported CAA misissuance > > [1][2] has reached an end, even though some questions remain unanswered. > If > > anyone has additional comments or concerns about this inclusion request, > > please respond by Friday 26-October. This request [3] has been in > > discussion since April 2017 and I would like to bring it to a conclusion > > soon. > > > > - Wayne > > > > [1] > > > https://groups.google.com/d/msg/mozilla.dev.security.policy/mVD1QoGXBOQ/EkYklywRBAAJ > > [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1485413 > > [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1265683 > > > > If there remain unresolved issues, should not approval be withheld? > > Certigna has completed their remediation, but a large number of questions were asked during the discussion of the misissuance. I think it is fair to say that Certigna was unwilling or unable to answer many of them, and when this became apparent, I asked for the questioning to stop. Therefore, I consider the issue to be resolved, but not necessarily resolved to our satisfaction. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy