Re: Unbelievable!

Fri, 26 Dec 2008 07:15:43 -0800 

On 12/26/2008 01:28 PM, ro...@comodo.com:

www.mozilla.com, as he has already described.  As we previously
stated, the certificate for www.mozilla.com was revoked shortly after
it was issued.



It would behoove yourself if you'd stick with the facts at least. You 
keep claiming that you detected it and revoked the certificate.


All times in GMT:
- Dec 22 19:47 Certificate issued to mozilla.com
- Dec 22 22:25 The Story broke at dev.tech.crypto

- Dec 22 22:46 Certificate revoked (thanks for not fixing the time in 
the CRL)



Additionally I really hope that your agreement with certstar allows you 
to sue the h*** out of them. I could have received any certificate for 
any domain I'd have been willing to pay $ 45 and nothing would have 
prevented that. If that's not clearly acknowledged I'll feel myself 
forced to publish more material I have at my disposal. The mail for the 
verisign domain was just a small sample.



Since this company uses a domain resembling that of ours which we 
operate already for four years and which has a very high ranking at 
Google, I'm insisting that this company closes their web site. We 
received already calls from people confusing us with them.


- *certstar.com* as opposed to *cert.startcom*.org


Also in light of the damage caused to us and other certification 
authorities due to their attempts to mislead our customers, it's the 
least to have them shut down immediately. Failing to do so will make it 
only worse.



You also claimed that this was an anomaly and that the validation 
mechanism was bypassed by accident. If this is the case would you agree 
with me that such events are very unlikely to reoccur? If that's 
correct, whatever actions or recommendations are decided in relation to 
*this* event, I will suggest to Frank that any re-occurrence would have 
to have appropriate consequences. If it's not correct, I expect you from 
notifying about the actions you are performing within a reasonable 
time-frame to prevent such re-occurrence.


--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto





























					Reply via email to