Re: Acquisition policy (was: Francisco Partners acquires Comodo certificate authority business)

On Thu, Nov 9, 2017 at 1:25 PM, Peter Kurrasch via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > There's always a risk that a CA owner will create a security nightmare > when we aren't looking, probationary period or not. In theory regular > audits help to prevent it, but

Re: Francisco Partners acquires Comodo certificate authority business

On Tuesday, October 31, 2017 at 9:22:09 AM UTC-4, Kyle Hamilton wrote: > http://www.eweek.com/security/francisco-partners-acquires-comodo-s-certificate-authority-business I did a little spot check. So yes they hired a person who was involved with Entrust, so that is a plus. The website says it

Re: Acquisition policy (was: Francisco Partners acquires Comodo certificate authority business)

From: westmail24--- via dev-security-policySent: Wednesday, November 8, 2017 7:50 PMTo: mozilla-dev-security-pol...@lists.mozilla.orgReply To: westmai...@gmail.comSubject: Acquisition policy (was: Francisco Partners acquires Comodo certificate authorit

Acquisition policy (was: Francisco Partners acquires Comodo certificate authority business)

Hello Peter, But what prevents Francisco Partners making security nightmare after the probationary period? This is logical, I think. Regards, Andrew ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org

Re: Francisco Partners acquires Comodo certificate authority business

On 11/1/17 12:22 PM, westmai...@gmail.com wrote: Hello, Why you're removed the post of Peter Gutmann (Nov. 1, 2017, 4:08)? If I understand correctly, at the time of the public discussion for new root certificates SSL.com (RA Comodo) Mozilla concealed information about the acquisition of SSL

RE: Francisco Partners acquires Comodo certificate authority business

On November 1, 2017 at 2:23:17 PM, westmail24--- via dev-security-policy ( dev-security-policy@lists.mozilla.org) wrote: Hello, If I understand correctly, at the time of the public discussion for new root certificates SSL.com (RA Comodo) Mozilla concealed information about the acquisition of

RE: Francisco Partners acquires Comodo certificate authority business

Hello, Why you're removed the post of Peter Gutmann (Nov. 1, 2017, 4:08)? If I understand correctly, at the time of the public discussion for new root certificates SSL.com (RA Comodo) Mozilla concealed information about the acquisition of SSL business of Comodo and that now the past public

RE: Francisco Partners acquires Comodo certificate authority business

age- > From: Peter Gutmann > via dev-security-policy > Sent: 01 November 2017 04:08 > To: mozilla-dev-security-pol...@lists.mozilla.org; m...@flanga.io > Subject: Re: Francisco Partners acquires Comodo certificate authority business > > mw--- via dev-security-policy <dev-securi

RE: Francisco Partners acquires Comodo certificate authority business

> -Original Message- > From: Gerv > Subject: Re: Francisco Partners acquires Comodo certificate authority business > > On 31/10/17 13:21, Kyle Hamilton wrote: > > http://www.eweek.com/security/francisco-partners-acquires-comodo-s- > certificate-authority-busin

Re: Francisco Partners acquires Comodo certificate authority business

On 31/10/17 13:21, Kyle Hamilton wrote: > http://www.eweek.com/security/francisco-partners-acquires-comodo-s-certificate-authority-business Comodo notified Mozilla of this impending acquisition privately in advance, and requested confidentiality, which we granted. Now that the acquisition is

Re: Francisco Partners acquires Comodo certificate authority business

The timing and content of any announcement is undoubtedly complicated, caused, in no small part, by legitimate needs for confidentiality against the goals of transparency. I have every reason to trust in the good

Re: Francisco Partners acquires Comodo certificate authority business

mw--- via dev-security-policy writes: >So they sell multiple roots over to a company that is "the leader in Deep >Packet Inspection (DPI) and we've got a lot going on in that space" and >enable them to issue trusted certificates and mitm all encrypted

Re: Francisco Partners acquires Comodo certificate authority business

You didn't really leave room for productive discussion between your options, did you? :) As you can see from https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md#8-ca-operational-changes , notification is required for certain changes - but that notification goes to a Mozilla mail

Re: Francisco Partners acquires Comodo certificate authority business

Both articles are long on names, short on dates. I don't fault the authors for that but it is troubling that better information wasn't made available to them.When can we expect a proper announcement in this

Re: Francisco Partners acquires Comodo certificate authority business

Another article about this is http://www.securityweek.com/francisco-partners-acquires-comodo-ca . Notably, I'm not seeing anything in the official news announcements pages for either Francisco Partners or Comodo.  Is this an attempt at another StartCom (silent ownership transfer), or is it a

Francisco Partners acquires Comodo certificate authority business

http://www.eweek.com/security/francisco-partners-acquires-comodo-s-certificate-authority-business ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy