Hi dracenmarx, On 02/11/16 12:44, dracenm...@googlemail.com wrote: > (1) I did find any public answer from Apple, Google or Mozilla in > regards to the Remediation plan by StartCom. I have the feeling, that > the sanctions were applied without considering this document. ( > https://www.startssl.com/report/StartCom_Remediation_Plan_14102016.pdf > ) You didn't even reply to this document after it was mentioned here > in this discussion.
StartCom were circulating this document to us before it was formally published. We think their remediation plan is reasonable but it does not change the decision, which was based on a determination about past events rather than future promises. > (2) I am a bit upset about the cuttling line Mozilla set (and which > was adopted by Chrome yesterday) > > Mozilla announced on October, 24th, that certificates signed on 22 > October or later will be not verified by their future browser > versions. Both StartCom and WoSign were aware in advance that this was the deadline we were proposing. How they communicated that to their customers (or not) is up to them. If you are unhappy with them for selling you a cert which will not meet your requirements, you need to take it up with them. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
