In addition to the issues Ryan has listed, during the root inclusion process multiple issues with their OCSP responder and CRL endpoints were observed and fixed only after the flaws were documented in the bug ( https://bugzilla.mozilla.org/show_bug.cgi?id=1233645).
I believe any CA seeking inclusion should be capable of doing the sorts of checks the Mozilla community performs long prior to seeking root inclusion. Failures like this inspire no confidence in the technical acumen of the administrators and I do not believe this root inclusion request should be accepted. -Paul _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
