Eddy Nigg (StartCom Ltd.) wrote: > 1.) Is it possible to get a list of the currently active issuing > intermediate CA certificates of each CA root *currently* for > consideration? It would be interesting to know which of these issue EV, > both or non-EV.
I *think* what you're looking for is in section 1.8 of the 3.0 version of the CPS. That section lists the cert chains characteristic of Comodo-issued (non-EV) end entity certificates, including issuing CAs and the root CAs they chain up to. Section 1.8 of the Comodo EV CPS contains the same type of information for EV certs. (By the way, I wish more CAs would publish information like this.) > 3.) Here a few questions in relation to the LiteSSL CPS: > > * 1.12 states: "Because LiteSSL and LiteSSL Wildcard certificates > are not intended to be used in an e-commerce transaction or > environment, parties who rely on a LiteSSL or LiteSSL Wildcard > certificate do not qualify as a relying party." How can a relying > party NOT be a relying party? This is also confirmed under section > 4.11. Another data point: there's actually a LiteSSL Relying Party agreement: http://www.comodo.com/repository/docs/litessl_relying_party.html which is referenced on the Comodo repository page: http://www.comodo.com/repository/ The LiteSSL relying party agreement is separate from the main Comodo relying party agreement: http://www.comodo.com/repository/docs/relying_party.html Also, LiteSSL is not included within the scope of the SSL Relying Party Warranty: http://www.comodo.com/repository/docs/SSL_relying_party_warranty.html Prior to hearing from Comodo on this point, my guess is that Comodo was basically stating that LiteSSL certificates were not intended to be used for sites conducting financial transactions ("e-commerce"), and should not be relied on in that context. The intended purpose of the LiteSSL certs was presumably for facilitating access to non-financial data, e.g., for personal or small group sites. (I actually got a LiteSSL cert for my www.hecker.org site at one point, for exactly this reason.) Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
