Disclosure of Advisory Role with Entrust

2,040 views
Skip to first unread message

Ryan Hurst

unread,
Jul 8, 2024, 3:32:31 PMJul 8
to dev-secur...@mozilla.org

Community,


I wanted to inform you that I’ve taken on another advisory role, this time with Entrust. In this part-time, non-exclusive role, I’ll be making independent factual assessments and providing recommendations to them. My responsibilities include reviewing their plans, conducting root cause analyses, evaluating their policies and procedures, and providing feedback on their incident response plans and communications.


Entrust will consider my recommendations, there may be a learning curve as I familiarize myself with their infrastructure, policies, and procedures so this will be an ongoing process of improvement over time but it is my hope that I will be able to accelerate the resolution of the identified issues and generally help them improve their operations.


As an active member of the m.d.s.p community, I think it’s important to be transparent about this. This way, everyone knows the context when I contribute to public discussions.


For those who know me, you understand how much I value the Web PKI community and its principles. My commitment to objectivity and impartiality is unwavering, and being able to respond objectively is a key reason I agreed to help. I’ll recuse myself from discussions where there might be a conflict of interest.

I understand some of you may be wondering why I decided to take on this advisory role, especially given Chrome's recent analysis on this matter. As you may know, I have run several CAs and even the Microsoft root program in the past. I've seen plenty of mistakes during that time, and since Chrome has said they are open to Entrust’s re-application to the root program, I believe I can help them better understand the scope and nature of the issues that got them here. My expertise can guide them in implementing the necessary changes, ultimately helping them regain the trust of the community. This would not only benefit Entrust and their customers, but having more well-funded organizations that invest appropriately in supporting the Web PKI is in the best interest of the web.

Thank you for your time, and I look forward to continuing our work together.

Best Regards,


Ryan Hurst

Reply all
Reply to author
Forward
0 new messages