On Sat, Dec 19, 2020 at 1:03 AM Ramiro Muñoz via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> Hi Ben, Ryan, Burton and all:
>
> Camerfirma will present its claims based on a description of the problems
> found by associating the references to the specific bugs.
> After making a complete analysis of the bugs as presented by Ben, always
> considering that bugs are the main source of truth, we see that the
> explanations offered by Camerfirma could generally be better developed. We
> hope to make up for these deficiencies with this report.
>
>
It's worth pointing out that in April 2018, the Camerfirma '2016 roots'
inclusion request [1] was denied [2] after a host of issues were
documented. At that time it was made clear that ongoing trust in the older
roots was in jeopardy [3]. While some progress was made, the number,
severity, and duration of new and ongoing bugs since then remains quite
high. In this context, I don't find these new disclosures and commitments
from Camerfirma to form a convincing case for their trustworthiness.

- Wayne

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=986854
[2]
https://groups.google.com/g/mozilla.dev.security.policy/c/skev4gp_bY4/m/snIuP2JLAgAJ
[3]
https://groups.google.com/g/mozilla.dev.security.policy/c/skev4gp_bY4/m/ZbqPhO5FBQAJ
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to