Hi Ben,

The CA has been given chance after chance to improve after incident after
incident, but failed to do so. The remediation plan is a doorstop plan for
the CA to wedge the door open to remain in the Mozilla root store, but it's
time to face the inevitable conclusion, and the door must close on the CA
for good to protect the safety of Mozilla users. Removal should happen
immediately.

The damage to the users of the CA is minimal. There are fewer than 8,000
active certificates (according to crt.sh), and other CAs can pick up the
pieces easily.

It's disappointing to see another CA bite the dust. No way forward in
my opinion.

Thank you

Burton


On Tue, 26 Jan 2021, 05:21 Ben Wilson via dev-security-policy, <
dev-security-policy@lists.mozilla.org> wrote:

> Dear All,
>
> We appreciate your comments and participation in the discussion about the
> Summary of Camerfirma's Compliance Issues,
> https://wiki.mozilla.org/CA:Camerfirma_Issues.
>
> Mozilla has not yet made a decision about Camerfirma's continuation in our
> root store. We intend to continue with our public discussion process to
> determine whether Camerfirma's root certificates can remain included in
> Mozilla's root store, and what actions they need to take.
>
> Camerfirma has responded to the list of issues by providing a Remediation
> Plan,
>
> https://drive.google.com/file/d/1DV7cUSWqdOEh3WwKsM5k1U5G4rT9IXog/view?usp=sharing
> ,
> with a commitment to align Camerfirma to the highest level of standards of
> the Mozilla community.
>
> They asked if there are parts of the Remediation Plan that need
> clarification and for suggestions to improve the Remediation Plan.
>
> We will appreciate your constructive feedback on it.
>
> - Do the proposed actions in the Remediation Plan address the underlying
> issues?
>
> - If Camerfirma fully executes on this plan, will that be sufficient to
> regain trust so that they can remain a CA in Mozilla's root store?
>
> - Do you have additional recommendations for steps that you think
> Camerfirma should take?
>
> Thanks,
>
> Ben
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>