I'm raising this up to the top level to get it more visibility. There is
earlier discussion deep in the thread titled "Proposal for Mozilla CA
policy extension".
The domain registrar Registerfly is melting down. They have an SSL
business, FlySSL[0]. As I understand it, they are an SSL reseller for
Geotrust (QuickSSL product) and Comodo (FlySSL product), so they don't
have their own root in the Mozilla certificate store. They themselves
seem to have a reseller program, ostensibly with 22,000 resellers[1], a
figure I find hard to believe.
In practice, this means that, for the FlySSL program, they sell
certificates signed directly by the Comodo (or rather,
UTN-UserFirst-Hardware) key, such as the one on
https://registerfly.com/. I haven't found an example of a certificate
they've sold in their QuickSSL program, but I suspect it might be the same.
Let's assume for the sake of argument that we are no longer happy about
FlySSL's business.
What happens now?
Do we contact Comodo and/or Geotrust and ask them whether they are
continuing to sign certificates on behalf of Registerfly?
Gerv
[0] http://www.registerfly.com/ssl/
[1] http://www.registerfly.com/reseller/ssl.php
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security