Thank you for making this announcement Arnold. This change of legal ownership is covered by section 8.1 of the Mozilla Root Store Policy, including the following statement:
If the receiving or acquiring company is new to the Mozilla root program, > it must demonstrate compliance with the entirety of this policy and there > MUST be a public discussion regarding their admittance to the root program, > which Mozilla must resolve with a positive conclusion in order for the > affected certificate(s) to remain in the root program. > Technically I believe the statement above applies to this situation, so I would like to formally begin the discussion period for this change in legal ownership of the T-Systems CA by requesting additional thoughtful and constructive feedback from the community. I will plan to keep the discussion period open for a minimum of 3 weeks. T-Systems has already indicated that no changes to their CP/CPS are planned aside from the company name. On Tue, Apr 28, 2020 at 7:18 AM Pedro Fuentes via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Thanks, Arnold. > > Our change was more complex, so we had to go to a more cumbersome process, > including audits of the ownership receiving party. > > What I guess it's required now is an explicit confirmation from Mozilla to > say if such a direct transfer to an entity not member of the program is > compliant with section 8.1 of the policy. > > I believe that the plan described by T-Systems is compliant with Mozilla policy. - Wayne _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
