> Date: Tue, 5 May 2009 10:17:00 -0700 > From: Paul Hoffman <paul.hoff...@vpnc.org>
> the CA fixed the problem and researched all related problems that it > could find. >From what I've read of the incident (I think it's the one referred to), Comodo revoked the bogus mozilla.com cert and got their reseller Certstar (who issued it) to start performing validation. Security common sense might suggest that they validate all certs previously issued by Certstar and check the validation procedures of their other resellers. Do you know whether they did so? The former seems a major undertaking and commercially delicate. Ray --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com