On Thu, Nov 9, 2017 at 1:25 PM, Peter Kurrasch via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> There's always a risk that a CA owner will create a security nightmare
> when we aren't looking, probationary period or not. In theory regular
> audits help to prevent it, but
On Tuesday, October 31, 2017 at 9:22:09 AM UTC-4, Kyle Hamilton wrote:
> http://www.eweek.com/security/francisco-partners-acquires-comodo-s-certificate-authority-business
I did a little spot check. So yes they hired a person who was involved with
Entrust, so that is a plus. The website says it
From: westmail24--- via dev-security-policySent: Wednesday, November 8, 2017 7:50 PMTo: mozilla-dev-security-pol...@lists.mozilla.orgReply To: westmai...@gmail.comSubject: Acquisition policy (was: Francisco Partners acquires Comodo certificate authorit
Hello Peter,
But what prevents Francisco Partners making security nightmare after the
probationary period? This is logical, I think.
Regards,
Andrew
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
On 11/1/17 12:22 PM, westmai...@gmail.com wrote:
Hello,
Why you're removed the post of Peter Gutmann (Nov. 1, 2017, 4:08)?
If I understand correctly, at the time of the public discussion for new root
certificates SSL.com (RA Comodo) Mozilla concealed information about the
acquisition of SSL
On November 1, 2017 at 2:23:17 PM, westmail24--- via dev-security-policy (
dev-security-policy@lists.mozilla.org) wrote:
Hello,
If I understand correctly, at the time of the public discussion for new
root certificates SSL.com (RA Comodo) Mozilla concealed information about
the acquisition of
Hello,
Why you're removed the post of Peter Gutmann (Nov. 1, 2017, 4:08)?
If I understand correctly, at the time of the public discussion for new root
certificates SSL.com (RA Comodo) Mozilla concealed information about the
acquisition of SSL business of Comodo and that now the past public
age-
> From: Peter Gutmann
> via dev-security-policy
> Sent: 01 November 2017 04:08
> To: mozilla-dev-security-pol...@lists.mozilla.org; m...@flanga.io
> Subject: Re: Francisco Partners acquires Comodo certificate authority
business
>
> mw--- via dev-security-policy <dev-securi
> -Original Message-
> From: Gerv
> Subject: Re: Francisco Partners acquires Comodo certificate authority
business
>
> On 31/10/17 13:21, Kyle Hamilton wrote:
> > http://www.eweek.com/security/francisco-partners-acquires-comodo-s-
> certificate-authority-busin
On 31/10/17 13:21, Kyle Hamilton wrote:
> http://www.eweek.com/security/francisco-partners-acquires-comodo-s-certificate-authority-business
Comodo notified Mozilla of this impending acquisition privately in
advance, and requested confidentiality, which we granted. Now that the
acquisition is
The timing and content of any announcement is undoubtedly complicated, caused, in no small part, by legitimate needs for confidentiality against the goals of transparency. I have every reason to trust in the good
mw--- via dev-security-policy writes:
>So they sell multiple roots over to a company that is "the leader in Deep
>Packet Inspection (DPI) and we've got a lot going on in that space" and
>enable them to issue trusted certificates and mitm all encrypted
You didn't really leave room for productive discussion between your
options, did you? :)
As you can see from
https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md#8-ca-operational-changes
, notification is required for certain changes - but that notification goes
to a Mozilla mail
Both articles are long on names, short on dates. I don't fault the authors for that but it is troubling that better information wasn't made available to them.When can we expect a proper announcement in this
Another article about this is
http://www.securityweek.com/francisco-partners-acquires-comodo-ca .
Notably, I'm not seeing anything in the official news announcements
pages for either Francisco Partners or Comodo. Is this an attempt at
another StartCom (silent ownership transfer), or is it a
http://www.eweek.com/security/francisco-partners-acquires-comodo-s-certificate-authority-business
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
16 matches
Mail list logo