On 12/29/2008 09:41 AM, Grey Hodge:
Apparently, but that doesn't mean it's invalid. Mozilla can't act arbitrarily and without cause and expect to retain any shred of respect or trustworthiness.
Nobody suggested that I think. There is however real cause for concern.
Yes, perhaps, and perhaps they send out certs to anyone who asks nicely, but we have little evidence to support these suppositions.
Please read the other thread "Facts about Comodo Resellers and RAs" at http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/e2755401a7dec203
Please do not add comments to that thread without relevance, thanks.
Rather than having a kneejerk reaction of removing Comodo from the root list, why don't we examine the situation. This reseller was not acting according to proper procedure. Comodo immediately revoked their reseller status, and reviewed their certs. Further, they've said they're reviewing their policies to ensure this doesn't happen again. Given their candor and quick response, what more do you require that you feel you're not getting that justified removing them as a root CA? I really think you're going overboard. Form what I see, I'm not alone in that assessment. You did a good job in bringing this to light. Having the issues you uncovered addressed and fixed should be sufficient. Why do we need to take punitive action that will do nothing but punish tens of thousands of other Comodo customers and millions of users?
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
