info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
InfoCert Acquisition of Camerfirma
168 views
Skip to first unread message
Wayne Thayer
May 22, 2018, 6:50:48 PM5/22/18
to mozilla-dev-security-policy
On Thursday, a representative of AC Camerfirma sent an email informing
Mozilla that InfoCert [1] has taken control of Camerfirma. News of the deal
was first published on May 4th. [2]
Section 8.1 of our policy applies here (quoting version 2.6 draft):
If the receiving or acquiring company is new to the Mozilla root program,
> it must demonstrate compliance with the entirety of this policy and there
> MUST be a public discussion regarding their admittance to the root program,
> which Mozilla must resolve with a positive conclusion in order for the
> affected certificate(s) to remain in the root program. If the entire CA
> operation is not included in the scope of the transaction, issuance is not
> permitted until the discussion has been resolved with a positive conclusion.
>
InfoCert is new to the Mozilla root program, so a public discussion
regarding their admittance to the root program is in order. I have
requested clarification, but my current understanding is that AC
Camerfirma's entire CA operation is part of the transaction. Thus,
according to our new policy, certificate issuance may continue during our
discussion period.
Camerfirma has informed me that they will not be able to answer our
questions until the transaction "has been done in the Spanish government's
public registry", which they expect to take approximately 4 weeks.
Meanwhile, I have created a bug [3] to track this request and have posed a
number of questions to InfoCert.
- Wayne
[1] https://infocert.digital/about-us/
[2]
https://www.corrierecomunicazioni.it/digital-economy/infocert-sbarca-allestero-acquisito-il-51-della-spagnola-camerfirma/
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=1463597
Mozilla that InfoCert [1] has taken control of Camerfirma. News of the deal
was first published on May 4th. [2]
Section 8.1 of our policy applies here (quoting version 2.6 draft):
If the receiving or acquiring company is new to the Mozilla root program,
> it must demonstrate compliance with the entirety of this policy and there
> MUST be a public discussion regarding their admittance to the root program,
> which Mozilla must resolve with a positive conclusion in order for the
> affected certificate(s) to remain in the root program. If the entire CA
> operation is not included in the scope of the transaction, issuance is not
> permitted until the discussion has been resolved with a positive conclusion.
>
InfoCert is new to the Mozilla root program, so a public discussion
regarding their admittance to the root program is in order. I have
requested clarification, but my current understanding is that AC
Camerfirma's entire CA operation is part of the transaction. Thus,
according to our new policy, certificate issuance may continue during our
discussion period.
Camerfirma has informed me that they will not be able to answer our
questions until the transaction "has been done in the Spanish government's
public registry", which they expect to take approximately 4 weeks.
Meanwhile, I have created a bug [3] to track this request and have posed a
number of questions to InfoCert.
- Wayne
[1] https://infocert.digital/about-us/
[2]
https://www.corrierecomunicazioni.it/digital-economy/infocert-sbarca-allestero-acquisito-il-51-della-spagnola-camerfirma/
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=1463597
0 new messages