On Mon, Feb 3, 2025 at 8:19 AM Mike Shaver <[email protected]> wrote: > On Mon, Feb 3, 2025 at 10:12 AM Bastian Blank <[email protected]> wrote: >> On Mon, Feb 03, 2025 at 12:17:27AM -0800, 'Nick France' via >> [email protected] wrote: >> > Sectigo has nothing to do with the brand or assets of Entrust. They remain >> > with Entrust and were not part of this acquisition, as previously stated. >> >> However you clearly re-use some of the systems. From the Sectigo page, >> it is clear that the Entrust management frontend is still in use: >> >> | Once the integration is in place later this year, you will be able to >> | order Sectigo certificates directly from Entrust, and Sectigo will issue >> | the certificates directly to you through Entrust Certificate Services >> | (ECS). > > > Isn't this just a basic certificate reseller setup, like Entrust had with > SSL.com already? > > "Use our system to order their certs" is generally how it works because "our > web front end" is the only real value that can be added by a reseller (other > than rolodex, I suppose). > > I entirely approve of scrutiny being applied to Entrust's relationship with > certificate issuance, but I think this matter seems pretty clearly settled at > this point until there is any actual evidence of misuse or imminent risk.
+1; this seems no different than what companies like NameCheap (https://www.namecheap.com/security/ssl-certificates/), Gandi (https://www.gandi.net/en-US/security), and SSLs.com (https://www.ssls.com/) offer. They are not CAs, they do not operate HSMs for the WebPKI, they do not control issuance of WebPKI certificates. Historically, there are multiple prior cases of a company that formerly operated a publicly trusted CA switching to become a reseller of certificates from other publicly trusted CAs. This seems to just be another case of that model. Thanks, Peter -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAK6vND-47runKh-rg5QCqyKpHWP6AdMF5DJ4k3PMYivHgm%3Dz1w%40mail.gmail.com.
