It appears that Entrust is now providing its customers with certificates from SSL.COM: https://www.entrust.com/blog/2024/07/announcing-our-new-tls-solution-offering/ Given the type of customers that Entrust was serving it must imply they are at least acting as a Delegated Third Party or External RA for those certificates The blogpost also seems to suggest they are acting as an External RA for SSL.COM Could Entrust and SSL.COM provide insights in which construct they are working together (reseller, Delegated Third Party or External RA)? If it is an External RA how did SSL.COM evaluate and accept the risk given the numerous (vetting) compliance incidents Entrust has recently had and their failure to timely replace the certificates?
Op do 4 jul 2024 om 18:39 schreef Watson Ladd <[email protected]>: > > > On Thu, Jul 4, 2024, 11:49 AM 'Bruce Morton' via > [email protected] <[email protected]> wrote: > >> >> >> On Tuesday, June 25, 2024 at 5:19:22 PM UTC-4 Mike Shaver wrote: >> >> While you’re addressing comments, I’d appreciate an answer to my question >> here: what was the motivation behind redacting that portion of the email to >> customers, if not to conceal information related to redaction procedures? >> >> You want to make it clear that you aren’t concealing anything, but you >> haven’t given us any reason to believe otherwise. >> >> Mike >> >> >> The letter was shared as an example of what was sent from us directly to >> a subscriber. The question posed was “what was the contents of the email >> sent to providers asking for revocation to begin with?”. We posted the >> communication’s contents in the thread and removed the step-by-step >> instructions and the contact information for support as we didn’t feel that >> was the request’s focus. It was not redacted to conceal the specific >> instructions provided and the full letter was shared in its entirety >> quickly after it was requested. >> > > The fact that you literally wrote that you "removed the step by step > instructions" than say it wasn't "redacted to conceal the instructions" you > removed literally 13 words later demonstrates an astonishing predilection > for casuistry. > > The only interpretation I can come up with is that these words were > removed accidentally, showing a profound lack of care in communications > with DSP. > > Sincerely, > Watson Ladd > > >> >> -- >> You received this message because you are subscribed to the Google Groups >> "[email protected]" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/b4dcb651-aec5-4f2e-8325-9aafa2f9ea58n%40mozilla.org >> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/b4dcb651-aec5-4f2e-8325-9aafa2f9ea58n%40mozilla.org?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CACsn0cnV%2B3b3XM8Xi8r8b5w%2BP3oQ%2BAer_vt8HmZdLyw7QMV5Pw%40mail.gmail.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CACsn0cnV%2B3b3XM8Xi8r8b5w%2BP3oQ%2BAer_vt8HmZdLyw7QMV5Pw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAOY5%3DRBkecUG_5XrpNrxQR1CvOMmXbAnsVM-pXiXhMrec978fQ%40mail.gmail.com.
