We understand that WoTrus (WoSign changed their name some months ago)
are working towards a re-application to join the Mozilla Root Program.
Richard Wang recently asked us to approve a particular auditor as being
suitable to audit their operations.
In the WoSign Action Items bug:
FWIW my opinion:
I don't think there should be a lifetime or long term ban for people or
companies that have operated a bad CA in the past.
However I do believe that the way Wosign representatives on this list
acted in the past was often dishonest and highly problematic.
If Wosign continues to
On 22/11/2017 10:05, Gervase Markham wrote:
We understand that WoTrus (WoSign changed their name some months ago)
are working towards a re-application to join the Mozilla Root Program.
Richard Wang recently asked us to approve a particular auditor as being
suitable to audit their operations.
In
On 14/11/17 21:53, Doug Beattie wrote
> The question is, if we issue Code Signing certificates via P12 files
> in compliance with the Code Signing standard, are we out of
> compliance with the Mozilla policy? How do you recommend we respond
> to this checklist question?
Mozilla does not have
On 22/11/17 11:41, Tom wrote:
> https://www.wosign.com/english/about.htm has been updated with the new
> name, WoTrus, and currently says "Richard Wang, CEO"
Richard stated to me at one point (I can't remember whether in person or
by email) that at the time of speaking, he was no longer CEO, and
On 22/11/2017 16:38, Gervase Markham wrote:
On 22/11/17 10:54, Jakob Bohm wrote:
Some notes about previously discussed items:
Mozilla is not suggesting that WoSign has completed all of the steps.
The entire point is that we want to have this pre-discussion before they
make the effort to do
Hi,
I touched on my thoughts on this matter a bit before.
This is really about trust.
I think several factors must be weighed here:
1. Is "trust" really required of a CA in a soon-to-be
post-mandatory-CT-log world?
If some level of trust is required, then:
2. Can we say that the QiHoo 360
On Wed, Nov 22, 2017 at 11:16 AM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> Mozilla did not formally require this, but it is true that as far as we
>> can see, Richard Wang is still effectively in charge of WoSign/WoTrus.
>>
>>
> I think assessing and
8 matches
Mail list logo
