On Tue, Jan 19, 2021, at 12:01, Andrew Ayer via dev-security-policy wrote: > Camerfirma was warned in 2018 that trust in their CA was in jeopardy, > yet compliance problems continued. There is no reason to believe > Camerfirma will improve, and there are many indications that they won't. > Mozilla's users deserve CAs that take security more seriously than this. > It's time to take action to protect Mozilla's users by distrusting > Camerfirma.
I strongly agree. The consistent pattern of documented failures and insufficient remediation is deeply problematic, and reflects a level of danger to Mozilla users that can only be mitigated by distrusting the CA. Jonathan _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy