Dear all, I just wanted to give you all an update from Certstar. As you all know we failed to validate a certificate due to a flaw in our system which is clearly unacceptable.
Having worked intensively with this case I can truly say that Comodo is indeed taking their responsibility extremely seriously and taking huge efforts to ensure that safety of their root. Currently we are going through a number certificate to double ensure that no further mis-issuances have occurred. Personally I do feel that it would have been appropriate if we had been contacted by StartCom Ltd when they found this flow so that it could have been fixed faster. Being our competitor I am not sure if we could expect this, but it would indeed have been generous move. The technical verification procedure has been improved and is now on a very high security level. Comodo will also review our implementation to ensure that it comply with all standards and cannot be abused. Again, I would like to apologize to the community. Nothing does however indicate that the flow was abused by others – but still we have made a huge mistake which I sincerely apologize for. -- kind regards, Patricia, Certstar ApS _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
