Thank you, Gerv (and have a great vacation!)

Best,
Peter


-----Original Message-----
From: Gervase Markham [mailto:g...@mozilla.org] 
Sent: Monday, July 03, 2017 12:21 PM
To: Loshin, Peter; mozilla-dev-security-pol...@lists.mozilla.org
Cc: pr...@mozilla.com; Justin O'Kelly
Subject: Re: Symantec meeting and status

Hi Peter,

I note you have copied in our press team and that you are a journalist; I will 
answer your question as I would the same question from any member of our 
community here if it were asked in this forum.

On 03/07/17 16:54, Loshin, Peter wrote:
> Other than stating that it will be publishing its proposal for 
> implementing the consensus remediation plan, did Symantec provide any 
> other information about its progress?

Yes, they did. However, it seems unnecessary to document all that here, as the 
meat of what they told me should end up in their implementation proposal.

Due to my upcoming holiday starting just before their planned publication date, 
they may choose to share a not-final draft of the proposal with me privately, 
which I will comment on (if I have time) in a non-binding fashion. This is not 
to pre-judge the proposal, but to speed the process and try and make sure the 
proposal contains everything necessary to evaluate it. As always, we will be 
coming to our position in consultation with our community here.

> Did Symantec offer any other
> information that you are able to share? Any other information that you 
> are _not_ able to share?

Our general principle for such meetings, consistent with Mozilla's desire to 
run our root program in an open and transparent fashion, is that we will not 
promise confidentiality up front, although we will honour reasonable requests 
for it on a case-by-case basis. We treat all CAs and all meetings equally in 
this regard.

In this case, the only information Symantec gave me which we agreed not to 
reveal was the names of the particular companies they were considering as CA 
partners. No doubt their implementation plan will show who they eventually 
choose.

Gerv
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
