Robin, I have a request to make. Let's put aside for a minute the procedural matters and let me ask you a few questions:
- We are not seeking to cause any harm to Comodo or unilaterally remove the roots from NSS. However, can we seek cooperation on the issues which were raised, and is Comodo willing to address these issues in good faith?

- Apparently you agree that the major issues we've raised indeed pose a higher risk to the relying parties. Can we work together in order to improve your products to the extent that both sides can live with it and based on reasonable terms? This would improve the overall quality of all certificates issued by CAs which are included in NSS, which would result in further strengthening of digital certification in general and in Mozilla software in particular. It would improve also your standing in this industry!

- Any conclusions through this process and any update to the Mozilla CA policy would be evenly applied upon all CAs included in NSS. Additionally, other software vendors, most notably Microsoft, could adopt them as well, resulting in a major improvement of our industry. Under this condition, would you be willing to seriously address the issues, make and amend changes to your CPS and implement the changes at your CA?

The issues which should be addressed are certificates with a longer validity and domain validated wild card certificates. I would like to make the following suggestions, that

- domain validated certificates which are valid for more than 24 months must be re-validated every year thereafter (starting after 24 months). Should revalidation fail, the certificate shall be suspended until the subscriber has done so successfully or revoked. This would leave your product intact and you could continue to issue them as you do today, however would introduce additional validations during the lifetime of the certificate.

- domain validated wild card certificates would undergo an additional identity validation. The certificate's content itself doesn't have to be changed compared to what you do today (if you prefer), but you would guarantee through your CPS that you perform this additional validation.

Are these suggestions reasonable in your point of view and would this be acceptable to the management of Comodo? Could Comodo commit and agree to such an implementation, provided that this will be evenly applied upon all CAs currently in NSS? If not, can you please provide an alternative, solving the issues at hand, and explain what Comodo would be willing to implement instead?

-- 
Regards

Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390