On Fri, May 10, 2019 at 8:09 AM fchassery--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> Dear Wayne, > > I’m not arguing that signing the new Startom root was a mistake.In fact, > as soon as we were told, we backed off. > Our understanding at that time was that the remediation plan had been > fully implemented. But the Mozilla staff did not agree and had another > interpretation of the situation. > I do not know how or when a distortion was introduced between Franck’s > exchange with the Mozilla staff and our action. > But there was no intent to circumvent the Mozilla plan, and we corrected > it immediately when we were asked to do so. > That is why I do not understand why this subject is included in the > present discussions: if there has been an error, it is a past error, > corrected in the past and on which no further action is possible. > The answer can be found on our Maintenance and Enforcement wiki page under the Recurring Issues section [1], which states (in part) "Mozilla considers the totality of known issues and patterns of behavior in a CA's response to those issues." [1] https://wiki.mozilla.org/CA/Maintenance_and_Enforcement#Recurring_Issues At a minimum it should only be recalled as a problem that has been solved. > > Kind Regards, > > François > > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
