On 10/24/2018 1:07 PM, Wayne Thayer wrote: > On Tue, Oct 23, 2018 at 1:46 PM David E. Ross via dev-security-policy < > [email protected]> wrote: > >> On 10/23/2018 11:45 AM, Wayne Thayer wrote: >>> I believe that the discussion over Certigna's reported CAA misissuance >>> [1][2] has reached an end, even though some questions remain unanswered. >> If >>> anyone has additional comments or concerns about this inclusion request, >>> please respond by Friday 26-October. This request [3] has been in >>> discussion since April 2017 and I would like to bring it to a conclusion >>> soon. >>> >>> - Wayne >>> >>> [1] >>> >> https://groups.google.com/d/msg/mozilla.dev.security.policy/mVD1QoGXBOQ/EkYklywRBAAJ >>> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1485413 >>> [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1265683 >>> >> >> If there remain unresolved issues, should not approval be withheld? >> >> Certigna has completed their remediation, but a large number of questions > were asked during the discussion of the misissuance. I think it is fair to > say that Certigna was unwilling or unable to answer many of them, and when > this became apparent, I asked for the questioning to stop. Therefore, I > consider the issue to be resolved, but not necessarily resolved to our > satisfaction. >
If Mozilla is not satisfied with how the misissuance was resolved, why would the root be included in Mozilla's NSS? -- David E. Ross <http://www.rossde.com> Too often, Twitter is a source of verbal vomit. Examples include Donald Trump, Roseanne Barr, and Elon Musk. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
