Dear Ryan You accuse our root status by saying:"We know that key has been run on deficient infrastructure, with deficient software, and done deficient things..." As a matter of a fact the ROOT resides on a FIPS140-2 L3 HSM and kept all it life time in an offline status (in a robust SAFE) and was participated in 3 key ceremonies. So why do you say that the infrastructure is deficient? You can question the certificate issued to this key - but why do you question the key itself? This is a very severe accusation. the "deficient things" is creating 2 subca's that wasn't comply with ONE condition of the BR (critical/ not critical of a certain field, which may declared AFTER we created these SUB's). So the Comsign ROOT KEY IS INTACT even if is signed subca keys which its certificates are not 100% according to BR. Can you agree? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: ComSign Root Renewal Request
zshetach--- via dev-security-policy Wed, 14 Feb 2018 10:55:48 -0800
- Re: ComSign... Ryan Sleevi via dev-security-policy
- Re: ComSign... YairE via dev-security-policy
- Re: ComSign... Ryan Sleevi via dev-security-policy
- Re: ComSign... Wayne Thayer via dev-security-policy
- Re: ComSign... YairE via dev-security-policy
- Re: ComSign... Ryan Sleevi via dev-security-policy
- Re: ComSign Root Renewal Request YairE via dev-security-policy
- Re: ComSign Root Renewal Request YairE via dev-security-policy
- Re: ComSign Root Renewal Request Wayne Thayer via dev-security-policy
- Re: ComSign Root Renewal Request YairE via dev-security-policy
- Re: ComSign Root Renewal Request zshetach--- via dev-security-policy
- Re: ComSign Root Renewal Request YairE via dev-security-policy
- Re: ComSign Root Renewal Request Wayne Thayer via dev-security-policy