But by issuing *domain validated* certificate for up to *ten years*,
without revalidation is completely irresponsible and borders on
gross
negligent.
[Robin said...]
I disagree. With a DV certificate the only thing that we are
warranting is
that the key holder controls the domain.
Robin, I have a request to make. Lets put aside for a minute the
procedural matters and let me ask you a few questions:
- We are not seeking to cause any harm to Comodo or unilaterally remove
the roots from NSS. However can we seek the cooperation on the issues
which were raised and is Comodo
Robin, just to answer this one...
Robin Alden:
[Robin said...]
A fair point, and perhaps that is a whole other problem. Our CA *does* have
roots in NSS.
This is correct. However your CA roots are considered legacy roots which
were inherited from the Netscape era. Many critics have
Robin, just to answer this one...
Robin Alden:
[Robin said...]
A fair point, and perhaps that is a whole other problem. Our CA
*does* have
roots in NSS.
This is correct. However your CA roots are considered legacy roots
which
were inherited from the Netscape era. Many critics
Eddy Nigg (StartCom Ltd.) wrote:
Robin, just to answer this one...
Robin Alden:
[Robin said...] A fair point, and perhaps that is a whole other
problem. Our CA *does* have
roots in NSS.
This is correct. However your CA roots are considered legacy roots
which
were inherited
Robin Alden wrote:
Issuing
long-lived DV certs and wildcard DV certs may be particular practices
worth our having some formal positions on, even if they're not
addressed
by our official policy.
[Robin said...]
There I have to disagree to some degree.
You have a policy which tells us
At 11:09 PM -0400 3/25/08, Frank Hecker wrote:
As long as
domain names can be re-registered to different owners, there is always
this potential to some degree. It doesn't matter whether the cert
lifetime is 10 years, 1 year, or 1 week.
Exactly right. A CA re-affirms the binding between the public
Robin Alden:
- We are not seeking to cause any harm to Comodo or unilaterally remove
the roots from NSS. However can we seek the cooperation on the issues
which were raised and is Comodo willing to address this issues in good
faith?
[Robin said...] We are willing to address issues which
Robin Alden:
From Frank's most recent reply I accept the reason for the consideration of
all aspects of our operation, but perhaps that separation should be made
more clear between those matters we are discussing here which are relevant
to the EV enabling of our roots within (what we hope to
Subrata Mazumdar wrote:
Hi,
is there any way I can find the certificate associated with a public key
using
the SubjectPublicKeyInfo (CERTSubjectPublicKeyInfo)?
I am looking for public API and not too low level.
I looked in the .../nss/certdb/cert.h and .../nss/pk11wrap/pk11pub.h
files -
Eddy,
The problem I'm seeing right now is, which isn't a problem of yours per
se, that if Mozilla approves the upgrade to EV status, your CA roots
will receive further anchors in the software, making it even more
difficult to receive the cooperation I'm seeking on the issues, not
speaking
Frank,
No. I'm simply stating that there are CA-related issues which may not
warrant us having a formal policy on, but which we may have an opinion
on that we want to express.
To take another example: our policy doesn't address the issue of whether
CAs issue end entity certs directly from
12 matches
Mail list logo
