> -Original Message-
> On 1/9/09 12:51 PM, Johnathan Nightingale wrote:
>
> > - Do the work to arm ourselves so that when we are confident pulling
> > the trigger, we can actually do so with minimal changes (in case it
> > happens in a point release, for instance)
> > - Establish our fee
l our investigation has been completed. Please let me know if you have
any further problems.
Regards
Robin Alden
Comodo
> -Original Message-
> From: dev-tech-crypto-bounces+robin=comodo@lists.mozilla.org
> [mailto:dev-tech-crypto-bounces+robin=comodo@lists.mozilla.org]
Eddy,
That reseller's ability to sell Comodo certificates has been
suspended while we investigate why they are apparently not fulfilling their
contractual obligations to us.
We revoked your certificate for mozilla.com.
Regards
Robin Alden
Comodo
> -Original
> -Original Message-
> From: Eddy Nigg
> Sent: Wednesday, August 06, 2008 9:12 PM
> To: dev-tech-crypto@lists.mozilla.org
> Subject: Re: Comodo ECC CA inclusion/EV request
>
> Robin Alden:
> > Eddy Nigg said:
> >> In http://www.mozilla.org/proje
Eddy Nigg said:-
> Robin Alden:
> > f) refers to an SSL product which is limited in such a way that it isn't
> > generally usable on the public internet. We offer no warranty on the
> > product, and the main part of the domain validation is to ensure that the
>
Robin Alden wrote:-
> Eddy Nigg wrote:-
> > Oh and f) is also interesting ;-), I wonder how many
> > "localhost" certificates were issued so far...
> [Robin said...]
> Not many! We do issue quite a number for organizations to use internally on
> other name
Eddy Nigg wrote:-
> (to Frank Hecker)
> As per your comment in
> https://bugzilla.mozilla.org/show_bug.cgi?id=421946#c17 you
> state that no problematic practices associated with this CA,
> but I found that in section 2.4.1 domain validated wild cards
> are issued, which is listed in
>
http://wiki.
Eddy,
> > [Robin said...]
> > Our main current objection to them is on grounds of maintaining a level
> > commercial playing field among all CAs (in the Mozilla root program).
> >
> Robin, just for your knowledge that most if not all CAs which have roots
> in NSS, are commercial CAs. Most, if not a
> In terms of getting "concessions" from individual CAs: In the past we
> have held up approval of CA requests until we could be satisfied that
> CAs were in compliance with specifically-called-out requirements of our
> policy. For example, in a number of cases it wasn't clear at all from a
> CA's
Frank,
> No. I'm simply stating that there are CA-related issues which may not
> warrant us having a formal policy on, but which we may have an opinion
> on that we want to express.
>
> To take another example: our policy doesn't address the issue of whether
> CAs issue end entity certs directly f
Eddy,
> The problem I'm seeing right now is, which isn't a problem of yours per
> se, that if Mozilla approves the upgrade to EV status, your CA roots
> will receive further anchors in the software, making it even more
> difficult to receive the cooperation I'm seeking on the issues, not
> speaking
pply that new policy to all CAs.
The proscription of SSL products, or of details of their implementation, is
something that should reasonably be discussed collectively with the CAs and
the browsers. Can I suggest that the CAB Forum would be one place in which
the matter could usefully be discusse
> Eddy Nigg (StartCom Ltd.) wrote:
> > Robin, just to answer this one...
> >
> > Robin Alden:
> >> [Robin said...] A fair point, and perhaps that is a whole other
> >> problem. Our CA *does* have
> >> roots in NSS.
> >>
> >
> >
> Robin, just to answer this one...
>
> Robin Alden:
> > [Robin said...]
> > A fair point, and perhaps that is a whole other problem. Our CA *does* have
> > roots in NSS.
> >
>
> This is correct. However your CA roots are considered legacy roots
>
> >> But by issuing *domain validated* certificate for up to *ten years*,
> >> without revalidation is completely irresponsible and borders on gross
> >> negligence.
> >>
> > [Robin said...]
> > I disagree. With a DV certificate the only thing that we are warranting is
> > that the key holder c
> Robin Alden:
> >
> > The only certificates we issue for 10 years are DV certificates.
> > We do not currently repeat any of the validation checks during a
> > certificate's lifetime for any of our certificate types.
> >
>
> The behavior of Comodo in
t a bulk snapshot of information that we would have gathered for 4.2.1.
The 3rd party databases mentioned are the domain registries (for Whois records)
or the jurisdictions of incorporation (for evidence of legal existence and
correctness of address details, etc, of the legal entity).
Regards
Robin Alden
Comodo CA Ltd.
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
list of ways we see people using SSL certificates to commit
fraud.
Regards
Robin Alden
Comodo CA Limited
ed to compete with other
CAs issuing wildcard products.
Regards
Robin Alden
Comodo
ly as a brand of ScandTrust AB. Sweden - although Comodo does have the
right to continue using the root CA certificates which we purchased from
them and which bear the AddTrust name.
Robin Alden
" - well, I'd rather answer the questions in this
forum, if possible.
Regards
Robin Alden
Comodo CA Limited.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eddy Nigg
(StartCom Ltd.)
Sent: 24 March 2008 02:38
To: Frank Hecker
Cc: dev-tech-crypto
Eddy,
I'm sorry I haven't got around to answering your questions until
now.
You wrote:
> 1.) The audit report for non-EV operations refers to the CA operation at
> Manchester. The audit report for EV refers to the CA operations at New
> Jersey. One of the roots is from a company operatin