In fairness, I think Mozilla essentially stipulated that this reason was given little or no weight in the decision.
Specifically Wayne Thayer noted at [1]: Some of this discussion has revolved around compliance issues, the most prominent one being the serial number entropy violations discovered by Corey Bonnell. While these issues would certainly be a consideration when evaluating a root inclusion request, they are not sufficient to have triggered an investigation aimed at revoking trust in the DarkMatter intermediates or QuoVadis roots. Therefore, they are not relevant to the question at hand. I certainly am not trying to divine something that's not there, but "not relevant to the question at hand" fairly strongly suggests "was not a factor in the decision". [1]: https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/TseYqDzaDAAJ On Tue, Jul 16, 2019 at 4:12 PM Nadim Kobeissi via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > I think it's interesting how one of the main technical arguments for > denying DarkMatter's root inclusion request -- the misissuance of > certificates with 63-bit identifiers instead of 64-bit identifiers, also > affected Google, Apple and Godaddy, and to a much greater extent: > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
