At 6:02 PM +0200 5/8/09, R. Hirschfeld wrote:
>> Date: Tue, 5 May 2009 10:17:00 -0700
>> From: Paul Hoffman <paul.hoff...@vpnc.org>
>>
>> the CA fixed the problem and researched all related problems that it
>> could find.
>
>From what I've read of the incident (I think it's the one referred
>to), Comodo revoked the bogus mozilla.com cert and got their reseller
>Certstar (who issued it) to start performing validation.

Correct.

>Security
>common sense might suggest that they validate all certs previously
>issued by Certstar and check the validation procedures of their other
>resellers. Do you know whether they did so?

Comodo publicly said they did. That's why I said "researched all related problems that it could find".

>The former seems a major
>undertaking and commercially delicate.

And yet they appear to have done it.

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com