Eddy Nigg (StartCom Ltd.) wrote:
> Ohoommm...it doesn't say not to rely for e-commerce, but not to rely AT
> ALL :-) It says, BECAUSE the certificates aren't meant to be for
> e-commerce parties can not rely on it - any party - for any purpose -
> do not qualify as a relying party.

After looking again at the LiteSSL addendum and the 2.4 version of the CPS (to which the LiteSSL addendum applies), I think what happened is as follows:

The term "relying party" has a specific definition in the 2.4 CPS, is used in specific ways throughout the 2.4 CPS, and has an associated relying party agreement published on the Comodo site (as I noted in a previous message). When Comodo introduced the LiteSSL service and published the LiteSSL addendum to the 2.4 CPS, I'm guessing that they wanted to avoid having LiteSSL be affected by the existing 2.4 language concerning relying parties and by the existing Comodo relying party agreement.

In this context I interpret section 1.12 of the LiteSSL addendum as meaning "... parties who rely on a LiteSSL or LiteSSL Wildcard certificate do not qualify as a relying party [as that term is otherwise used in the 2.4 CPS]."

I do not interpret the 1.12 language as meaning that LiteSSL cert could not be relied on for any purpose whatsoever. As explicitly stated in sections 2.4.1.k and 2.4.1.l of the LiteSSL addendum, LiteSSL certs were intended for noncommercial uses not involving data of financial value, and could presumably be relied upon for that restricted set of uses. And as I stated earlier, Comodo actually has a LiteSSL-specific relying party agreement.

In summary, I definitely think that Comodo could have made the LiteSSL CPS addendum clearer; their lawyers apparently got too clever in trying to limit Comodo's liability with regard to LiteSSL certs, and ended up introducing ambiguity into the CPS. However I don't think this amounts to LiteSSL certs being totally insecure and unreliable; they appear to be garden-variety domain-validated certs, no more and no less.

Frank

--
Frank Hecker
[EMAIL PROTECTED]