I actually find Rob's "so it would seem" rather reassuring. A CA which has its own properties (not just one or two key brand name servers) on a high value check list is not focusing properly on the things the Relying Parties care about like banks and famous Internet brands likely to be targeted by bad guys.
It's slightly funnier that Commodo seemingly doesn't make use of its own CT alerting service to be warned of such issuances after the fact though. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy