On Thu, May 9, 2019 at 8:56 PM Jakob Bohm via dev-security-policy < [email protected]> wrote:
> On 10/05/2019 02:22, Wayne Thayer wrote: > > Thank you for this response Francois. I have added it to the issues list > > [1]. Because the response is not structures the same as the issues list, > I > > did not attempt to associate parts of the response with specific issues. > I > > added the complete response to the bottom of the page. > > > > On Thu, May 9, 2019 at 9:27 AM fchassery--- via dev-security-policy < > > [email protected]> wrote: > > > >> ... > > ... > > > > In response to the email from Franck that you mention, Gerv responded [1] > > by quoting the plan he had approved and stating "This seems to be very > > different to the plan you implemented." By cross-signing Startcom's old > > roots, Certinomis did assist Startcom in circumventing the remediation > > plan, and by proposing one plan then implementing a different one, > > Certinomis did so without Mozilla's consent. > > > > As can be seen from your [3] link, Certinomis cross-signed StartCom's > NEW supposedly remediated 2017 hierarchy, not the old root. > > Thank you for correcting me Jakob. I was confused by a statement in the 2017 thread that I referenced, but I see now that Certinomis only cross-signed Startcom's new roots. Since Certinomis cross-signed Startcom's new roots before the remediation plan was completed, I believe the statements I made are otherwise correct. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
