On 12/29/2008 4:46 PM Eddy Nigg cranked up the brainbox and said:
> The amount of customers never was a known criteria of CAs business
> practices ever.

I also don't know how many Credit cards Bank of America issues, but I can guess with reasonable accuracy.

> Isn't the responsibility of a CA this size much greater and breach of
> trust going to affect many? Is a breach of trust justified and
> acceptable because of the size of a CA or shouldn't that CA provide
> extra care?

Considering the KNOWN size of the breach, a maximum of 111 certs, less than ten percent of which could not be verified in 2 days, only 2 of which were confirmed to be fraudulent (both your attempts), I don't think this requires a revocation. If we /can/ resolve this issue without revoking, why shouldn't we?

> (For your knowledge, Netcraft confirms

There's a reason "netcraftconfirmsit" is a tag on Slashdot, and it's not because Netcraft is a bastion of statistical rigor. My point still stands. Revoking Comodo certs would be a needlessly messy and painful endeavour, and should be avoided if the situation can be resolved elsewise. So far, I have no reason to believe Comodo can't tighten up their practices without nuking millions of web surfers.

--
Grey Hodge
email [ grey @ burntelectrons.org ]
web [ http://burntelectrons.org ]
tag [ Don't touch that! You might mutate your fingers! ]
motto [ Make everything as simple as possible, but no simpler. - Einstein ]

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto