At 6:02 PM +0200 5/8/09, R. Hirschfeld wrote:
> > Date: Tue, 5 May 2009 10:17:00 -0700
>> From: Paul Hoffman <>
> > the CA fixed the problem and researched all related problems that it
>> could find.
>>From what I've read of the incident (I think it's the one referred
>to), Comodo revoked the bogus cert and got their reseller
>Certstar (who issued it) to start performing validation. 


>common sense might suggest that they validate all certs previously
>issued by Certstar and check the validation procedures of their other
>resellers.  Do you know whether they did so? 

Comodo publicly said they did. That's why I said "researched all related 
problems that it could find".

>The former seems a major
>undertaking and commercially delicate.

And yet they appear to have done it.

--Paul Hoffman, Director
--VPN Consortium

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to