On Mon, Nov 27, 2017 at 3:07 PM, adisor19--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

>
> After seeing the forced shutdown of StartCom, I see no reason to allow
> them back in. Richard Wang is back in his role as CEO and everything is
> back to square one except all trust is gone now. They killed a good
> brand/company (StartCom) and did more harm to the public CA ecosystem than
> Symantec's shenanigans.
>
> Allowing them back in is insulting IMO.
>
>
I also lament the passing of StartCom.  I liked it before the acquisition.
I was a paying customer.

It brings up an interesting point, though.  If I were assessing his fitness to
run a CA at this point, I would probably fault Eddy Nigg quite harshly, too.

While he clearly wasn't responsible for the improper actions undertaken by
Mr. Wang, he shirked a responsibility to the community in not announcing
that he was no longer supervising and controlling StartCom, delaying the
discovery and remediation.

To the extent that he made any kind of NDA or other agreement with WoSign
as part of the sale, that's still a choice he made to sign on to and such
choices have consequences -- especially when it comes to trust.

Matt Hardeman
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
