While we are developing the future customer experience plans with Sectigo and until issuance of publicly trusted certificates has transitioned to Sectigo, Entrust is committed to continuing to all operations in accordance with the applicable requirements.
On Wednesday, January 29, 2025 at 4:14:25 PM UTC-5 Jeremy Rowley wrote: > Thanks Nick - that makes sense. One question though - who is maintaining > the front end systems? Will Entrust still be supporting those with Sectigo > issuing? If they fall apart, will Sectigo be maintaining them or Entrust? > > On Wed, Jan 29, 2025 at 1:37 PM 'Nick France' via [email protected] > <[email protected]> wrote: > >> Jeremy, Wayne: >> For clarity, the acquisition was of customers and customer contracts. >> Sectigo is not taking over or transferring any systems, infrastructure or >> staff from Entrust as part of this deal. >> This is different to the transition of Symantec back in 2017/2018. >> The recently-announced reseller integration will continue (which was >> discussed in advance with relevant parties) with customers obtaining >> certificates via Entrust systems utilising that integration. >> The distrusted roots remain with Entrust with no current plans to move >> them - should that change, notice will be given as required to trust-store >> operators and browsers. >> >> All certificates will be issued from Sectigo CA systems, using Sectigo >> roots and issuing CAs, Sectigo policies and practices. >> >> Tim or I are happy to answer any further questions on-list or privately >> via email if required (nick@ and tim.callan@). >> >> Thanks, >> Nick >> >> On Wednesday, January 29, 2025 at 7:53:43 PM UTC Wayne wrote: >> >>> I completely agree Jeremy, the lack of information in all the current >>> press releases by both parties is disheartening. We have statements to >>> customers and partners on the contractual terms being the same for the time >>> being, but nothing on the leadership changes. The plan for the platform >>> going forward is most concerning as its the most immediately impactful and >>> each root store will have to make considerations for potential fresh >>> inclusion of roots. >>> >>> We do have precedence for this historically, and it would be wise for >>> any CA buying or selling to disclose in advance for public interest. The >>> oversights in place aren't enough if a silent leadership change occurs that >>> changes who controls the roots, and there is no clear intent for public >>> disclosure. While I don't see Mozilla placing any specific policy in place >>> regarding this, I believe it reflects on the transparency of each >>> organization in question and their commitment to the WebPKI as an open and >>> transparent process. >>> >>> I sincerely hope the drafts are already prepared and both Entrust and >>> Sectigo's PR departments got ahead of the game on announcing the >>> acquisition. What would a timely response to informing relevant parties of >>> this entail? >>> >>> - Wayne >>> >>> On Wednesday, January 29, 2025 at 7:11:33 PM UTC Jeremy Rowley wrote: >>> >>>> News of the acquisition is here: >>>> >>>> https://www.entrust.com/company/newsroom/entrust-sells-public-certificate-business-to-sectigo >>>> >>>> I am a bit disappointed that there was not a public announcement on the >>>> forum as was requested with other transactions. Will Sectigo be sharing >>>> the >>>> details of the acquisition? Specific questions that were asked during the >>>> Symantec acquisition included: >>>> 1) Will Entrust leadership be involved in Sectigo? This was a no-go >>>> during the Symantec acquisition and was specifically forbidden by Mozilla. >>>> 2) Was notice given to Mozilla? If so, why wasn't this shared with the >>>> public? Sectigo isn't publicly traded so I'm surprised the notification >>>> was >>>> missed. Granted this is not a written requirement - just notice to Mozilla >>>> - but given Mozilla's dedication to public discussion, I am very >>>> interested >>>> to know why this wasn't shared. >>>> 3) What are the plans for the platform? Note that during the Symantec >>>> transition, DigiCert was required to file a bug and track migration of >>>> customers off the legacy Symantec roots and systems (including the >>>> front-ends). Where is this plan disclosed? >>>> 4) Will Sectigo be filing a bug to provide community updates? This was >>>> required during the Symantec acquisition to keep the public informed on >>>> progress and issues found with the Symantec environment. If Entrust was >>>> distrusted partly because of how archaic its systems are, then there >>>> should >>>> be equal concern about Sectigo operating those systems without proper >>>> public communication. >>>> >>>> Glad to see Sectigo acquired the business, but I'm concerned that the >>>> processes Mozilla required of DigiCert during Symantec are not being >>>> addressed here. >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "[email protected]" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion visit >> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/6af59737-bc8f-4484-a406-537a1009987bn%40mozilla.org >> >> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/6af59737-bc8f-4484-a406-537a1009987bn%40mozilla.org?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/140feddb-9f09-4376-8ddd-a04015bc3007n%40mozilla.org.
