Gervase Markham wrote:

> The domain registrar Registerfly is melting down. They have an SSL business, FlySSL[0]. As I understand it, they are an SSL reseller for Geotrust (QuickSSL product) and Comodo (FlySSL product), so they don't have their own root in the Mozilla certificate store. They themselves seem to have a reseller program, ostensibly with 22,000 resellers[1], a figure I find hard to believe.

Considering that they have almost one million domain names registered as an ICANN registrar, it could be possible... But I suspect that these are the overall resellers which also happen to sell SSL certificates. Whatever "Reseller" means in this respect anyway... Guess you can also be one without much commitment and investment from your side ;-)

> In practice, this means that, for the FlySSL program, they sell certificates signed directly by the Comodo (or rather, UTN-UserFirst-Hardware) key, such as the one on https://registerfly.com/. I haven't found an example of a certificate they've sold in their QuickSSL program, but I suspect it might be the same.
>
> Let's assume for the sake of argument that we are no longer happy about FlySSL's business.

You mean, you are not happy anymore about Geotrust/Comodo business? Regfly has no connection to Mozilla whatsoever...

> What happens now?
>
> Do we contact Comodo and/or Geotrust and ask them whether they are continuing to sign certificates on behalf of Registerfly?

Why should you want to do that? Do you suspect the certificates were issued wrongfully? Are verifications not performed according to their policy (that of Geotrust/Comodo)? Are revocations not performed anymore because of this (_This could be possible, investigate!_)? Or are revocation lists (CRLs) not issued anymore? Any other failings which one could consider?

Breakdown of a reseller is most likely no reason for concern, except the bad taste... But I guess the CAs in question have enough resources to deal with this... Mmmhhh, except that, remember CA recognition ;-)


--
Regards

Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
