> Date: Tue, 5 May 2009 10:17:00 -0700
> From: Paul Hoffman <paul.hoff...@vpnc.org>

> the CA fixed the problem and researched all related problems that it
> could find.

>From what I've read of the incident (I think it's the one referred
to), Comodo revoked the bogus mozilla.com cert and got their reseller
Certstar (who issued it) to start performing validation.  Security
common sense might suggest that they validate all certs previously
issued by Certstar and check the validation procedures of their other
resellers.  Do you know whether they did so?  The former seems a major
undertaking and commercially delicate.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to