Kyle Hamilton wrote:
I advocate at least temporarily removing the trust bits from Comodo until a new external audit can be completed, with an eye toward ensuring that Comodo, not the reseller, perform the domain validations.
There are two general reasons for pulling a root, to address a clear and present danger to Mozilla users, and to punish a CA and deter others. My concern right now is with the former. I see at least three issues in relation to that:
1. Issuance of further non-validated certs by this reseller. Comodo seems to have addressed this by suspending the reseller's ability to get certs issued. (I can testify that this is the case, as I tried to duplicate Eddy's feat earlier today and got my uploaded CSR rejected.)
2. Potential problems with certs already sold through this reseller. Comodo should investigate this and take action if needed. (This need not necessarily require revoking all certificates associated with the reseller; for example, the existing certs and their associated domains could be re-validated, the registered domain owners could be notified of the potential for bogus certs floating around, etc.)
3. Potential problems with other Comodo resellers. I'm not going to tell Comodo how to operate its reseller network, but they certainly should take a look at whether and where this might be a problem with other resellers, and how they could revamp their systems to reduce potential problems with resellers.
Pulling a Comodo root will knock out Firefox, etc., access to thousands of SSL sites, maybe tens of thousands. Given the disruption that would cause, the final decision on this IMO should be made in conjunction with the Firefox security folks. From my point of view I'd wait on more information regarding items 2 and 3 above before making a recommendation.
Frank -- Frank Hecker hec...@mozillafoundation.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
