On Wednesday, 23 December 2020 at 0:01:23 UTC+1, Wayne Thayer wrote:
> On Sat, Dec 19, 2020 at 1:03 AM Ramiro Muñoz via dev-security-policy < 
> dev-secur...@lists.mozilla.org> wrote: 
> 
> > Hi Ben, Ryan, Burton and all: 
> > 
> > Camerfirma will present its claims based on a description of the problems 
> > found by associating the references to the specific bugs. 
> > After making a complete analysis of the bugs as presented by Ben, always 
> > considering that bugs are the main source of truth, we see that the 
> > explanations offered by Camerfirma could generally be better developed. We 
> > hope to make up for these deficiencies with this report. 
> > 
> >
> It's worth pointing out that in April 2018, the Camerfirma '2016 roots' 
> inclusion request [1] was denied [2] after a host of issues were 
> documented. At that time it was made clear that ongoing trust in the older 
> roots was in jeopardy [3]. While some progress was made, the number, 
> severity, and duration of new and ongoing bugs since then remains quite 
> high. In this context, I don't find these new disclosures and commitments 
> from Camerfirma to form a convincing case for their trustworthiness. 
> 
> - Wayne 
> 
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=986854 
> [2] https://groups.google.com/g/mozilla.dev.security.policy/c/skev4gp_bY4/m/snIuP2JLAgAJ
> [3] https://groups.google.com/g/mozilla.dev.security.policy/c/skev4gp_bY4/m/ZbqPhO5FBQAJ

Hi Wayne

I understand your concern, but Camerfirma has indeed achieved huge improvements 
in terms of Mozilla’s policy compliance during recent years. Camerfirma 
nowadays has a much more mature management system. It’s true, some bugs have 
occurred, but looking at the bugs dashboard, our situation cannot be considered 
very different from other CAs. We firmly believe that the improvements already 
implemented together with the proposed measures will strengthen the governance 
of our SSL certificate activities in a very impactful and lasting way. In that 
regard, it’s important to highlight that we have the full support of our top 
management - both at the company level as well as at InfoCert Group level - in 
doing everything that will be required in order to come out successfully from this 
unpleasant situation.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
