Gervase Markham wrote:
> Duane wrote:
>> Shouldn't Geotrust/Comodo's CPS cover all these kinds of questions? If
>> not they are in breach and they should have direct obligations to
>> Mozilla etc...
> 
> Geotrust's documents are here:
> http://www.geotrust.com/resources/repository/legal.asp
> 
> I checked the "Reseller Agreement" - basically, FlySSL just passes the
> data to Geotrust, which does the work. So there's no increased risk of
> bad cert issuance.

Is FlySSL acting as a "Registration Authority" (RA) for Geotrust/Comodo?

A Registration Authority (as you may know) performs the part of the CA's
duty that involves verifying the identity of the "subscriber" applying
for the cert.  When the RA has verified that, it passes the cert request
on to the CA, which then issues the cert on the strength of the RA's
assertion that the information is verified.

So if a party acting as an RA for a CA "melts down", it could indeed
increase the risk of bad cert issuance.
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security