It is an interesting aspect that the Mozilla community has not discussed thoroughly, or at all.
Cross-signing a third party intermediate cert is equivalent to sharing of trust, that any CA should only consider it with extreme care. Is it possibly know how many intermediate cert that is cross-signed by Comodo? Is there any Comodo's practice statement of cross-signing ? Comodo seems to be quite keen on this kind of business even after the lesson learn from its last incident in 2011 (https://blog.mozilla.org/security/2011/03/25/comodo-certificate-issue-follow-up/). On 10/5/2016 4:43 AM, Kurt Roeckx wrote: > I can't remember if there were other cross signatutures. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
