(re-sending to list) > We also asked Trustico to cease offering any tools to generate and/or retain customer private keys.
Does Comodo intend to standardize a policy against this? GoGetSSL has a tool like this in their customer panel and I’m sure there are more. On Fri, Mar 2, 2018 at 12:29 PM Rob Stradling via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > We also asked Trustico to cease offering any tools to generate and/or > retain customer private keys. They have complied with this request and > have confirmed that they do not intend to offer any such tools again in > the future. > > Trustico have also confirmed to us that they were not, and are not, in > possession of the private keys that correspond to any of the > certificates that they have requested for their customers through Comodo > CA. > > On 02/03/18 15:25, Rich Smith via dev-security-policy wrote: > > Comodo CA has investigated the reports posted to this list relating to > the > > suspected compromise of the private key corresponding to > > https://crt.sh/?id=206535041. Trustico have assured us that the > private key > > could not have been compromised. However, since it will be hard to > convince > > everyone that this is the case, Trustico have agreed to obtain a > replacement > > certificate with a new keypair. Once that new certificate has been > > installed, Comodo CA will revoke https://crt.sh/?id=206535041. > > > > Regards, > > Rich Smith > > Sr. Compliance Manager > > Comodo CA > -- > Rob Stradling > Senior Research & Development Scientist > ComodoCA.com > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy