Frank Hecker:
> Nelson Bolyard wrote:
>   
>> Wow!  I'd say that a CA that says "You cannot rely on our certs for
>> eCommerce" should not be trusted for SSL by default in Mozilla products!
>>
>> Of course, that's a policy issue.  Frank, what do you think?
>>     
>
> It is a policy issue, and we've had this discussion before. My point has 
> always been that SSL certs have multiple valid uses, and enabling online 
> purchasing and other financial transactions ("ecommerce") was one such 
> valid use but not the only one. Another valid use is using SSL to 
> provide extra security for non-financial applications, e.g., to encrypt 
> authentication information (passwords) and transaction data over the 
> wire, and to provide a measure of protection against DNS spoofing. IMO 
> domain-validated certs are adequate for this purpose, and that's the 
> major reason I argued that they be included under our policy.
>   

Absolutely, Frank! Domain validated certificates are very useful for the 
intended purpose, mainly to prevent eavesdropping, protect and encrypt 
data during exposure when traveling on the network, encryption of email 
and client authentication. Webmail, password protected sites (blogs, 
forums, administrative interfaces etc.) and more...

Your site is a good example for such usage!  However the CPS in question 
stated that a relying party isn't a relying party :-) This sounds 
funny... But even if Comodo says so, I'm not even sure if it would 
uphold in court anyway. Let's move on to the next mail...

> I think the statement Eddy references is basically a case of Comodo 
> being honest and admitting that LiteSSL certs are adequate for some 
> purposes (e.g., securing a low-value personal or small group site like 
> my own) but not for others (e.g., running an online store). That 
> statement strikes me as unexceptional

-- 
Regards 
 
Signer:         Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:         [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Phone:          +1.213.341.0390
 

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
