Dear Rachel, It has never been the case that compliance with a narrow set of rules creates trust in a human endeavor. The decision to trust a CA is an ongoing one, and the behavior of its representatives is evaluated in that light, as representative of the attitude taken by the organization to its responsibilities. Your aggressive bloviation and evasion contrasts quite negatively to the openness with which other CAs have addressed issues before, and is most certainly affecting the trust that I would consider reasonable to place in TrustCor.
In particular it is not clear to me what the entities and people being discussed who have ownership of TrustCore CA are, what all the jurisdictions where operations or entities were formed are, how these structures change over time, and what transactions were supposed to effect these changes. All we hear is a few pieces and disputing that we need to care about the rest. You talk about an operational insulation agreement, but haven't provided any details or indicated where details might be found. This incompleteness makes it difficult for me to assess your assertions about the entities involved. Nitpicking the tense and grammar of questions reminds me of nothing so much as a former President. Ultimately as we've seen with WoSign, etc the CA business is much like banking. When you need to say "we've got good credit", your credit is actually worthless already. And given that TrustCor seems to have only one customer, there really isn't much of a reason not to expel them. Sincerely, Watson Ladd -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CACsn0ck3ZjQbakCTCL59GhrT%2BhwgHTEr3gv3LeVu2SSGxgYGGA%40mail.gmail.com.
