patri...@certstar.com wrote: > On Dec 27, 1:22 am, "David E. Ross" <nob...@nowhere.not> wrote: >> I find these failures of Certstar's QA processes alarming when you >> consider the purpose of certificates. That is, if you can't get a >> simple canned message correct and allow several certificates to be >> signed without verifying that the subscriber is authorized, what else is >> amiss in your QA department? > > A mistake did happen (we are sorry) but actions have been taken to > prevent it reoccuring. You will not see verification problems from > Certstar again. Our CA has (rightfully) putted us in the heat for this > mistake.
Patricia, we saw several strange things from Certstar during the last days, not just one mistake: 1. Spam e-mail to StartCom customers showing dubious business practices 2. No effective domain validation procedures 3. Strange from address with another famous trademark as local part used in another posting here 4. Wrong text in automatically generated e-mail messages 5. A really strange suggestion showing lack of fundamental knowledge in thread "Avoid incorrect issuing of Certificates" PKI is about trust. You do not seem trustworthy at all. So my conclusion is that you should never put in CA-related business again. @Comodo: This is not just a matter of lack of training. That's matter of the attitude. Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
