On Tue, Jan 26, 2021, at 00:21, Ben Wilson via dev-security-policy wrote: > > - Do the proposed actions in the Remediation Plan address the underlying > issues? > > - If Camerfirma fully executes on this plan, will that be sufficient to > regain trust so that they can remain a CA in Mozilla's root store? > > - Do you have additional recommendations for steps that you think > Camerfirma should take?
Given the history of major failures and inadequate response over a long period of time, I don't believe that there is a remediation plan that can work here. Mozilla should move forward with distrusting this CA. Jonathan _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy