On 01/04/2009 09:27 PM, Daniel Veditz:
> Eddy Nigg wrote:
>> On 01/04/2009 10:20 AM, Eddy Nigg:
>>> On 01/04/2009 04:48 AM, Ian G:
>>>> On the punishment side, about all we have is "drop the root!" which I
>>>> earlier described as a blunt weapon. Are we being sensible when we now
>>>> have to "drop the root" for the three CAs who have reported problems?
>>
>> Oh btw. where do you see three roots to drop?
>
> The three CAs who have recently issued certs to unauthorized parties are
> RapidSSL (md5 hack),

There could have been many more CAs which could have fallen under this
category - RapidSSL was the unlucky one to be picked perhaps.
Potentially you could add quite a few here...not sure.

> Certstar/Comodo

Certstar is not a CA, but Comodo. As per previous suggestion, the issue
of their resellers and RAs must be looked at and if needed a solution
found in my opinion. Of course Mozilla must decide first what it exactly
expects in this respect and what is unacceptable. On the other hand, the
current Mozilla CA Policy could be applied as well, which is rather
clear on this issue.

> and StartCom.

Ahhh, yes :-)

Did you or anybody else see an issue with the policies and practices of
StartCom which beyond the resolution StartCom offered and handled the
incident would warrant further discussion and actions?

--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto