Hi everyone, As I was in the Bay Area for the Mozilla All Hands, Symantec requested a face-to-face meeting with Mozilla, which happened last Friday. In attendance were Tom Ritter, Aaron Wu and I for Mozilla, and the following people from Symantec (I hope I have the titles right):
* Quentin Liu (Head of Engineering for Website Security) * Roxane DeVol (General Manager of Website Security) * Hugh Thomson (CTO of Symantec Corporate) * Michael Klieman (VP Product Management of Website Security) Symantec asked for the meeting to update us on their progress in finding a CA partner or partners to work with them in implementing the consensus remediation plan, which as you will know involves them passing off issuance to a third party while they stand up a new PKI on new, best-practice infrastructure. We expect Symantec, at the end of this week or early next week, to publish a document giving their proposal for how they will implement the plan, including a set of milestone dates with justification for how they are reached. They will also give some indications of ways the plan might be modified to alter the dates - e.g. "if we do X instead of Y, we can do it N weeks faster". After that, we need to get agreement by all the parties to form of the final plan and some attached dates, and then Symantec can sign contracts and start executing the plan. We hope to reach this agreement swiftly. However, the fly in the ointment is that I am going on holiday for 3 weeks from Friday. I am working occasional days during that time, but I will be relying on members of this group to be analysing and considering Symantec's proposal. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
