On Wednesday, November 22, 2017 at 4:06:26 AM UTC-5, Gervase Markham wrote: > We understand that WoTrus (WoSign changed their name some months ago) > are working towards a re-application to join the Mozilla Root Program. > Richard Wang recently asked us to approve a particular auditor as being > suitable to audit their operations. > > In the WoSign Action Items bug: > https://bugzilla.mozilla.org/show_bug.cgi?id=1311824 > Kathleen wrote "WoSign may apply for inclusion of new (replacement) root > certificates[1] following Mozilla's normal root inclusion/change > process[2] (minus waiting in the queue for the discussion), after they > have completed all of the following action items, and no earlier than > June 1, 2017." > > However, one step in the inclusion process is the public discussion, and > we have some reason to believe that this may lead to significant > objections being raised. It would not be reasonable to encourage WoSign > to complete all the other steps in the process if there was little or no > chance of them being approved in public discussion. > > So Kathleen and I thought it would be best to have a pre-discussion now, > in order to make sure that expectations are set appropriately. If WoTrus > had completed all the action items in the bug and arrived at the public > discussion part of the application, what would people say? If you raise > an objection, please say if there is any way at all that you think > WoTrus could address your issue. > > Thanks for your input, > > Gerv
After seeing the forced shutdown of StartCom, I see no reason to allow them back in. Richard Wang is back in his role as CEO and everything is back to square one except all trust is gone now. They killed a good brand/company (StartCom) and did more harm to the public CA ecosystem than Symantec's shenanigans. Allowing them back in is insulting IMO. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
