I think the information disclosed by Sectigo in this acquisition case is too unclear. The main concern is how Sectigo intends to deal with the brand and assets of Entrust. For example:
1. How will the Entrust Roots be used in the future? (As the Sectigo employee has already stated in the previous discussion that the acquisition does not include the Roots, so this issue is resolved.) 2. Will the Entrust subCAs under SSL.com continue to be used after the acquisition? If not, what is the retirement plan? And what is the retirement plan for the CAA flags of entrust.net / affirmtrust.com authorized for use by SSL.com? 3. Will the Entrust subCAs under Sectigo continue to be used after the acquisition? If not, what is the retirement plan? On Saturday, February 1, 2025 at 4:04:57 AM UTC+8 Mike Shaver wrote: > Mozilla at least used to routinely get advanced notice of things like > coordinated-embargo security issues, including those that affected > publicly-traded entities, and managed to keep them appropriately private. > Mozilla could be notified without it being via the MDSP channel, and in > fact I believe that's exactly what happened with the Symantec events. I > don't believe that it happened in this case, presumably because neither > Entrust nor Sectigo believed that there was a material change to the > relevant root operations of either, but rather simply a bulk migration of > customers. (I agree with that position, for what little that's worth.) > > Mike > > > On Fri, Jan 31, 2025 at 3:00 PM Phillip Hallam-Baker < > [email protected]> wrote: > >> One aspect of this discussion that is plain weird is the notion that a >> group that holds public discussion on a subject can get any sort of advance >> notice. >> >> Entrust is a public company with stock traded on US exchanges that must >> therefore comply with US disclosure requirements. Entrust execs would be >> going to jail if they allowed public announcements that didn't go through >> the required processes. >> >> So perhaps a little less of the indignation about not being notified and >> complaining about corporate speak? >> >> -- >> > You received this message because you are subscribed to the Google Groups " >> [email protected]" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion visit >> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAMm%2BLwgzJL%3DF5QXpwynoZackdSiCiG5iiRRprg%2BwzMpvY5BrQg%40mail.gmail.com >> >> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAMm%2BLwgzJL%3DF5QXpwynoZackdSiCiG5iiRRprg%2BwzMpvY5BrQg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/9158804a-323f-4d27-bdb3-cea4f18c329bn%40mozilla.org.
