On Tue, Jul 9, 2019 at 4:34 PM mono.riot--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> I think it's less about a single person than about an alleged firewalling > of entities that end up being not firewalled at all, but all owned by the > same person in the end. > That kind of corporate hierarchy exists for numerous legitimate reasons -- mostly tax & liability segregation. Nothing about that, in itself, is illegitimate. And the separation offered do, properly implemented, mean that the team at the other divisions has no sway over the CA, save for by convincing the ownership to dictate policy. There is even precedent for a major CA (what was Comodo CA) and a TLS interception device manufacturer (BlueCoat) to share significant beneficial ownership: Francisco Partners. It is difficult for me to see the difference, objectively speaking. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy