On Tue, Jul 9, 2019 at 4:34 PM mono.riot--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> I think it's less about a single person than about an alleged firewalling
> of entities that end up being not firewalled at all, but all owned by the
> same person in the end.

That kind of corporate hierarchy exists for numerous legitimate reasons --
mostly tax & liability segregation.  Nothing about that, in itself, is
illegitimate.  And the separation offered do, properly implemented, mean
that the team at the other divisions has no sway over the CA, save for by
convincing the ownership to dictate policy.

There is even precedent for a major CA (what was Comodo CA) and a TLS
interception device manufacturer (BlueCoat) to share significant beneficial
ownership: Francisco Partners.  It is difficult for me to see the
difference, objectively speaking.
dev-security-policy mailing list

Reply via email to