Paul Hoffman wrote:
Peter Gutmann asked on a different mailing list:
Subject says it all, does anyone know of a public, commercial CA (meaning one
baked into a browser or the OS, including any sub-CA's hanging off the roots)
ever having their certificate revoked? An ongoing private poll
Frank Hecker wrote, On 2009-05-12 11:32:
Paul Hoffman wrote:
Peter Gutmann asked on a different mailing list:
Subject says it all, does anyone know of a public, commercial CA
(meaning one baked into a browser or the OS, including any sub-CA's
hanging off the roots) ever having their
On 05/12/2009 09:45 PM, Nelson B Bolyard:
Was Peter referring to the general requestion of a public CA having its
root removed from a browser for whatever reason? Or was he specifically
referring to a public CA having a root key compromised and thus having
the root revoked?
Frank, As I
On 3/5/09 15:32, Ben Bucksch wrote:
On 03.05.2009 09:06, Ian G wrote:
(5) possibly as consequence of all the above, it can be claimed that
it is an empty threat, and no more than a security/marketing tool for
PKI people.
Consequently, we need to either:
* Make that threat not empty
This is
On 3/5/09 15:43, Eddy Nigg wrote:
On 05/03/2009 10:06 AM, Ian G:
(2), there exists a standard need in audits to discuss disaster
recovery. Curiously, this does not appear to be documented anywhere,
draw your own speculations
It's usually addressed in internal CA documentations and
On 05/04/2009 09:12 AM, Ian G:
On 3/5/09 15:43, Eddy Nigg wrote:
That's not entirely correct, legacy CAs which requested EV enabled had
to go through the process as if they were new roots. See also the
current thread of Verizon/Cybertrust.
Ah! Well corrected. I did not know that. Are you
On 2/5/09 17:50, Paul Hoffman wrote:
Peter Gutmann asked on a different mailing list:
Subject says it all, does anyone know of a public, commercial CA (meaning one
baked into a browser or the OS, including any sub-CA's hanging off the roots)
ever having their certificate revoked? An ongoing
On 05/03/2009 10:06 AM, Ian G:
(2), there exists a standard need in audits to discuss disaster
recovery. Curiously, this does not appear to be documented anywhere,
draw your own speculations
It's usually addressed in internal CA documentations and audited
accordingly. Disaster
Ben Bucksch wrote:
FWIW, I have removed Comodo from my browser's roots, and I have
encountered only 2 sites recently which used it, despite going to quite
some online shopping sites (SSL part).
So did I and I did not encounter any sites I accessed since then being
affected by this.
Ciao,
Peter Gutmann asked on a different mailing list:
Subject says it all, does anyone know of a public, commercial CA (meaning one
baked into a browser or the OS, including any sub-CA's hanging off the roots)
ever having their certificate revoked? An ongoing private poll hasn't turned
up anything,
10 matches
Mail list logo
