FWIW my opinion: I don't think there should be a lifetime or long term ban for people or companies that have operated a bad CA in the past.
However I do believe that the way Wosign representatives on this list acted in the past was often dishonest and highly problematic. If Wosign continues to appear that way I don't see how they can successfully be trusted again. Not because they are Wosign, but because I wouldn't trust any other CA behaving that way. If Wosign wants to be trusted they need to show a behavior where the community feels questions are answered honestly and technical problems are taken seriously. -- Hanno Böck https://hboeck.de/ mail/jabber: [email protected] GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
