Ben Bucksch wrote:
> a) PositiveSSL Certificate
> PositiveSSL Certificates are low assurance level Secure Server
> Certificates from Comodo ideal for mail servers and server to server
> communications. They are not intended to be used for websites
> conducting e-commerce or transferring data of value.
> <snip>
> "not intended for ... e-commerce. ... the certificates carry no warranty"
> It's clear that these certificates were never defined to be used in
> browsers, and therefore never should have been shipped with browsers. In
> any case, whatever Comodo's intent or actions, PositiveSSL does *not*
> carry a valid audit for inclusion in browsers.
Ben, this is a pretty common disclaimer that CAs (including CAs other
than Comodo, I believe) make for DV certs (i.e., certs for which only
the domain control is validated).
No e-commerce site should be using DV certs, and IMO all e-commerce
sites should consider upgrading to EV certs. The market for DV certs is
people like me, who want to provide basic security measures for a web
site (or email server) but are not dealing with data of any monetary
value and are not otherwise subject to laws or regulations that would
cause us significant liability in the event of a breach. We support DV
certs in browsers for that market.
Frank
--
Frank Hecker
hec...@mozillafoundation.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto