Eddy,
You said:
> 3.) The Comodo Certification Practice Statement, Version 3.0 and
> other CPS amendments state certificate validity of up to ten years
> and beyond. I couldn't find any provision in case the domain name
> expires. It isn't clear what happens if an identity or organization
> changes name, changes address, stops its operation, dies etc. How
> does Comodo guaranty the validity of these certificates throughout
> their lifetime?
The only certificates we issue for 10 years are DV certificates.
We do not currently repeat any of the validation checks during a
certificate's lifetime for any of our certificate types.
If a subscribing entity changes name, address, or ceases operation they are
obliged (by the subscriber agreement) to inform us.
If we become aware that any of the details held in the certificate become
invalid then, as stated in the CPS (version 3.0 section 4.13), we may revoke
the certificate. We would rather see a certificate with incorrect details
pulled and replaced with one with the correct details (which we will often
provide free of charge) but if that does not happen we will revoke.
We have certainly thought about the case where an organization ceases to
operate, or a domain name changes hands, and when we follow the cases
through where the subscriber does not inform us they do not strike us as
being of high risk. There is some risk of fraud, certainly, but it is not
high up the list of ways we see people using SSL certificates to commit
fraud.
Regards
Robin Alden
Comodo CA Limited
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
