There is now an interest article at "the register":
http://www.theregister.co.uk/2008/12/29/ca_mozzilla_cert_snaf/
We here now some words from the house of Comodo:
Comodo said that it was pushing for minimum standards for domain
validation (DV) certificates.
The problem illustrated in this unfortunate event highlights the
vulnerability inherent with DV certificates. All DV certificates are
theoretically susceptible to this man in the middle (MITM) exploitation.
While the CAB Forum, which was founded by Comodo, has established
guidelines for highly validated Extended Validation (“EV”) Certificates,
no minimum standard has been adopted. Earlier this month at the CAB
Forum’s most recent meeting, Comodo put forward a minimum standard for
all SSL certificates which, if adopted, would eliminate this MITM
attack. DV certificates' susceptibility to MITM attacks is well known.
Minimum standards are well overdue.
Interesting that Comodo founded the CAB forum and Comodo created a
standard for domain control validation. I wonder where exactly? This
might be reason to join the CAB forum?
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
