El miércoles, 23 de diciembre de 2020 a las 0:01:23 UTC+1, Wayne Thayer escribió: > On Sat, Dec 19, 2020 at 1:03 AM Ramiro Muñoz via dev-security-policy < > dev-secur...@lists.mozilla.org> wrote: > > > Hi Ben, Ryan, Burton and all: > > > > Camerfirma will present its claims based on a description of the problems > > found by associating the references to the specific bugs. > > After making a complete analysis of the bugs as presented by Ben, always > > considering that bugs are the main source of truth, we see that the > > explanations offered by Camerfirma could generally be better developed. We > > hope to make up for these deficiencies with this report. > > > > > It's worth pointing out that in April 2018, the Camerfirma '2016 roots' > inclusion request [1] was denied [2] after a host of issues were > documented. At that time it was made clear that ongoing trust in the older > roots was in jeopardy [3]. While some progress was made, the number, > severity, and duration of new and ongoing bugs since then remains quite > high. In this context, I don't find these new disclosures and commitments > from Camerfirma to form a convincing case for their trustworthiness. > > - Wayne > > [1] https://bugzilla.mozilla.org/show_bug.cgi?id=986854 > [2] > https://groups.google.com/g/mozilla.dev.security.policy/c/skev4gp_bY4/m/snIuP2JLAgAJ > > [3] > https://groups.google.com/g/mozilla.dev.security.policy/c/skev4gp_bY4/m/ZbqPhO5FBQAJ
Hi Wayne I understand your concern but, Camerfirma has indeed achieved huge improvements in terms of Mozilla’s policy compliance during recent years. Camerfirma nowadays has a much more mature management system. It’s true, some bugs have occurred but, looking at the bugs dashboard, our situation cannot be considered very different from other CAs. We firmly believe that the improvements already implemented together with the proposed measures will strengthen the governance of our SSL certificate activities in a very impactful and lasting way. In that regard, it’s important to highlight that we have the full support of our top management - both at the company level as well as at InfoCert Group level - in making everything will be required in order to come out successfully from this unpleasant situation. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
