Eddy Nigg wrote:
> As I see it, our case indeed was a bug, the Comodo case was negligence.

There is no clear line between one and the other. You are saying the Comodo case was negligence because the bug was so obvious that they should have spotted it. But the obviousness of bugs is a gradated scale. If the flaw in the Startcom system might have been found by employing an experienced web app white hat hacker, does that make it negligence for you not to have done so?

I am not saying the two incidents were the same - I think every incident has to be assessed individually. I am just saying that you cannot make such a division so quickly and easily.

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto