> Apparently it may also come as a surprise to some readers and the researchers themselves that other root program members are in fact international governments, and some are also defense companies, or companies who are wholly-owned by defense companies and/or state-owned enterprises, meaning "businesses" that are completely owned or controlled by governments. Further, some of those governments are not free/democratic and in fact some have tragic modern histories of basic human rights violations. We are none of those things and our company does not identify with those values. Given this point above, why of all potential targets are these researchers interested in TrustCor? They could go after countries with human rights violations that have placed a CA in the program.

I'd argue it could be termed "what-aboutism", but I personally fail to see how that matches my definition of "lashing out"...

This part in particular is what I would view as "lashing out"

I agree that it's "what-aboutism". In that regard, it does nothing to establish that TrustCor meets the standards for being a CA.

It does raise a good question for parallel discussion, though: Should Mozilla also be scrutinizing a whole bunch of other CAs as well?