On Thu, 11 Oct 2018 13:06:46 -0700 Wayne Thayer via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> This request is for inclusion of these four emSign roots operated by > eMudhra in bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1442337 I would like to read more about eMudhra / emSign. I have never heard of this entity before, perhaps because they're Indian (if I understand correctly) but perhaps because they're just entirely new to this business. Of course just being new isn't inherently disqualifying, but it'd be good to understand things like: - Who (human individuals) is behind this outfit, are there people we've dealt with before in any key roles? (For example I hope we can agree that individuals from previously distrusted CAs as leadership would be a potential red flag) Are there people involved who've done this or something similar before? - Does this entity or a legally related entity already operate a business in this space that has a record we can look at such as: Indian RA for another Certificate Authority, CA in another PKI, or more distantly somewhat similar businesses such as making identity documents, or payment card systems. - How did they come to decide to set up a new root CA for the Web PKI? Running a trustworthy CA is pretty hard, so I am at least a little bit sceptical of the idea that people I've never hard of can wake up one morning and decide "Hey let's run a CA" and do a good job, whether in India, Indianapolis or Israel. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy