On Tue, Jan 19, 2021 at 6:37 PM Jonathan Rudenberg via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > > On Tue, Jan 19, 2021, at 12:01, Andrew Ayer via dev-security-policy wrote: > > Camerfirma was warned in 2018 that trust in their CA was in jeopardy, > > yet compliance problems continued. There is no reason to believe > > Camerfirma will improve, and there are many indications that they won't. > > Mozilla's users deserve CAs that take security more seriously than this. > > It's time to take action to protect Mozilla's users by distrusting > > Camerfirma. > > I strongly agree. The consistent pattern of documented failures and > insufficient remediation is deeply problematic, and reflects a level of > danger to Mozilla users that can only be mitigated by distrusting the CA. > > Jonathan
I also agree with this sentiment. Camerafirma's extensively documented issues (https://wiki.mozilla.org/CA:Camerfirma_Issues) and the responses in this thread reveal a CA which cannot responsibly handle the burden of being a publicly trusted authority. -Paul _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
