-Original Message-
On 1/9/09 12:51 PM, Johnathan Nightingale wrote:
- Do the work to arm ourselves so that when we are confident pulling
the trigger, we can actually do so with minimal changes (in case it
happens in a point release, for instance)
- Establish our feelings
Eddy,
That reseller's ability to sell Comodo certificates has been
suspended while we investigate why they are apparently not fulfilling their
contractual obligations to us.
We revoked your certificate for mozilla.com.
Regards
Robin Alden
Comodo
-Original Message-
From
investigation has been completed. Please let me know if you have
any further problems.
Regards
Robin Alden
Comodo
-Original Message-
From: dev-tech-crypto-bounces+robin=comodo@lists.mozilla.org
[mailto:dev-tech-crypto-bounces+robin=comodo@lists.mozilla.org] On
Behalf
-Original Message-
From: Eddy Nigg
Sent: Wednesday, August 06, 2008 9:12 PM
To: dev-tech-crypto@lists.mozilla.org
Subject: Re: Comodo ECC CA inclusion/EV request
Robin Alden:
Eddy Nigg said:
In http://www.mozilla.org/projects/security/certs/policy/ section 7
explicitly states
Eddy Nigg said:-
Robin Alden:
f) refers to an SSL product which is limited in such a way that it isn't
generally usable on the public internet. We offer no warranty on the
product, and the main part of the domain validation is to ensure that
the
domain name in the certificate
Eddy Nigg wrote:-
(to Frank Hecker)
As per your comment in
https://bugzilla.mozilla.org/show_bug.cgi?id=421946#c17 you
state that no problematic practices associated with this CA,
but I found that in section 2.4.1 domain validated wild cards
are issued, which is listed in
Robin Alden wrote:-
Eddy Nigg wrote:-
Oh and f) is also interesting ;-), I wonder how many
localhost certificates were issued so far...
[Robin said...]
Not many! We do issue quite a number for organizations to use internally
on
other names, though.
E.g. if we have a server on our
Eddy,
[Robin said...]
Our main current objection to them is on grounds of maintaining a level
commercial playing field among all CAs (in the Mozilla root program).
Robin, just for your knowledge that most if not all CAs which have roots
in NSS, are commercial CAs. Most, if not all CAs,
In terms of getting concessions from individual CAs: In the past we
have held up approval of CA requests until we could be satisfied that
CAs were in compliance with specifically-called-out requirements of our
policy. For example, in a number of cases it wasn't clear at all from a
CA's CPS
But by issuing *domain validated* certificate for up to *ten years*,
without revalidation is completely irresponsible and borders on
gross
negligent.
[Robin said...]
I disagree. With a DV certificate the only thing that we are
warranting is
that the key holder controls the domain.
Robin, just to answer this one...
Robin Alden:
[Robin said...]
A fair point, and perhaps that is a whole other problem. Our CA
*does* have
roots in NSS.
This is correct. However your CA roots are considered legacy roots
which
were inherited from the Netscape era. Many critics
Eddy Nigg (StartCom Ltd.) wrote:
Robin, just to answer this one...
Robin Alden:
[Robin said...] A fair point, and perhaps that is a whole other
problem. Our CA *does* have
roots in NSS.
This is correct. However your CA roots are considered legacy roots
which
were inherited
Eddy,
The problem I'm seeing right now is, which isn't a problem of yours per
se, that if Mozilla approves the upgrade to EV status, your CA roots
will receive further anchors in the software, making it even more
difficult to receive the cooperation I'm seeking on the issues, not
speaking
Frank,
No. I'm simply stating that there are CA-related issues which may not
warrant us having a formal policy on, but which we may have an opinion
on that we want to express.
To take another example: our policy doesn't address the issue of whether
CAs issue end entity certs directly from
in this
forum, if possible.
Regards
Robin Alden
Comodo CA Limited.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eddy Nigg
(StartCom Ltd.)
Sent: 24 March 2008 02:38
To: Frank Hecker
Cc: dev-tech-crypto@lists.mozilla.org
Subject: Re: Comodo request for EV-enabling 3
- although Comodo does have the
right to continue using the root CA certificates which we purchased from
them and which bear the AddTrust name.
Robin Alden
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org
issuing wildcard products.
Regards
Robin Alden
Comodo
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
to commit
fraud.
Regards
Robin Alden
Comodo CA Limited
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
of information that we would have gathered for 4.2.1.
The 3rd party databases mentioned are the domain registries (for Whois records)
or the jurisdictions of incorporation (for evidence of legal existence and
correctness of address details, etc, of the legal entity).
Regards
Robin Alden
Comodo CA Ltd
19 matches
Mail list logo