On Jan 1, 12:59 am, Eddy Nigg wrote:
> Robin, could you provide some clarifications and your opinion concerning
> the post I made titled "Facts about Comodo Resellers and RAs" in
> particular in relation to the CP and CP statements here:
>
> http://groups.google.com/group/mozilla.dev.tech.crypto/msg/416aa6f5b5610ccf
Eddy,
That thread has a lot going on and I don't propose to try to
address it all. However, I will address your reading of our CPS in an
attempt to bring some degree of clarity.
If I correctly understood your referenced post, you asserted that:
1) Comodo outsources validation to its (non RA) resellers.
2) That the outsourcing of validation to anyone is in direct conflict
with section 4.2.7 of the PositiveSSL CPS.
#1 is incorrect.
You refer to section 1.10.2 of the main CPS as evidence for your
assertion, but that section specifically refers to our main RA class
of partners, which we denominate "Web Host Resellers".
#2 is also incorrect.
The PositiveSSL CPS is an addendum to the main CPS and should be
considered in conjunction with the main CPS and its other addenda.
You refer to section 4.2.7 of the PositiveSSL CPS in particular,
noting that is says ".. Comodo checks that the Subscriber has control
over the Domain name ..".
But consider it together with the rest of the main CPS. Section 4.2.7
(of the PositiveSSL CPS) is a new subsection to be added to section
4.2 "Application Validation" in the main CPS. Section 4.2 as a whole
(in the main CPS) talks throughout of "Comodo checks..", "Comodo
validates..", etc, but note also the preceeding sections of the main
CPS, 4.1, and 4.1.1 which set out exactly who is to do the
validation. Sections 4.1 and 4.1.1 make clear who is to do the
certificate application processing. Taking sections 4.1 and 4.1.1
into consideration makes it clear that the validation to be performed
in section 4.2 may, in fact, be done either by Comodo or by its
appointed RAs.
Sections 1.10, 2.2, 2.8, 3.9.3, 4.13.1, 5.15, 5.18, and 5.26 of the
main CPS also further serve to define the interaction of RAs in the
processing of certificate applications.
Regards
Robin Alden
Comodo
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
