Re: CA liability. was: Publishing CA information documents in PDF format

2008-12-24 Thread Nelson B Bolyard
Kyle Hamilton wrote, On 2008-12-24 08:39: > On Wed, Dec 24, 2008 at 4:25 AM, Ian G wrote: >> PS: on an earlier comment, check this out: >> >> http://blogs.technet.com/mmpc/archive/2008/11/06/malware-and-signed-code.aspx >> >> This is, IMHO, the sort of work that Mozilla should be treating as more

Re: CA liability. was: Publishing CA information documents in PDF format

2008-12-24 Thread Kyle Hamilton
On Wed, Dec 24, 2008 at 4:25 AM, Ian G wrote: > PS: on an earlier comment, check this out: > > http://blogs.technet.com/mmpc/archive/2008/11/06/malware-and-signed-code.aspx > > This is, IMHO, the sort of work that Mozilla should be treating as more > important than today's case, because it evidenc

Re: CA liability. was: Publishing CA information documents in PDF format

2008-12-24 Thread David E. Ross
On 12/24/2008 3:36 AM, Ian G wrote: > Hi David, > > On 24/12/08 02:23, David E. Ross wrote: > {long diatribe by iang on liability snipped} > >> See the thread "Unbelievable" in this newsgroup. >> >> Now we have the situation in which Comodo allowed third-party CAs under >> its root to issue site

Re: CA liability. was: Publishing CA information documents in PDF format

2008-12-24 Thread Ian G
On 24/12/08 12:36, Ian G wrote: Hi David, I would expect that Comodo would say that their RPA sets the scene, the baseline. I found this: http://www.comodo.com/repository/ http://www.comodo.com/repository/docs/relying_party.html Now, this might not be the right doc. But, let's assume it is, for

Re: CA liability. was: Publishing CA information documents in PDF format

2008-12-24 Thread Ian G
Hi David, On 24/12/08 02:23, David E. Ross wrote: {long diatribe by iang on liability snipped} See the thread "Unbelievable" in this newsgroup. Now we have the situation in which Comodo allowed third-party CAs under its root to issue site certificates without proper authentication of the subsc

Re: CA liability. was: Publishing CA information documents in PDF format

2008-12-23 Thread David E. Ross
On 12/18/2008 2:09 PM, Ian G wrote: > On 18/12/08 18:25, Anders Rundgren wrote: >> CA liability has been focused on the RP since it is an RP that "trusts" a CA >> and its certificates, right? > > > Um! > > If one takes a PKI view, then there exist 3 main parties: CA, RP, > Subscriber. However ot

Re: CA liability. was: Publishing CA information documents in PDF format

2008-12-23 Thread Ian G
On 18/12/08 18:25, Anders Rundgren wrote: CA liability has been focused on the RP since it is an RP that "trusts" a CA and its certificates, right? Um! If one takes a PKI view, then there exist 3 main parties: CA, RP, Subscriber. However other views exist. Liability is an issue at law (in th

CA liability. was: Publishing CA information documents in PDF format

2008-12-18 Thread Anders Rundgren
CA liability has been focused on the RP since it is an RP that "trusts" a CA and its certificates, right? A problem with this notion is that there is no end to what a wrongly certified entity could cause in damages, particularly not for "eID" kind of certificates that potentially opens any number of