Hi, thank you for pointing out the above. Here is our response:

Section 1.3.2.5
We have corrected our CPS so that now only limited actions can be performed by DTPs, and they cannot perform domain validation.

Section 3.2.2.4
We are aware of the problems with the methods that have been raised. We thought that as long as they are permitted in the BR we would keep them included in our CPS; of course, we prefer not to use them and will use the more secure methods like 3.2.4.4.2, 3.2.4.4.3 etc.

> After reviewing the January Communication we have removed the problematic
> methods from our CPS entirely.

Section 3.2.2.8
As Ryan mentioned, Comsign's CAA identifier is documented in section 4.2.1.1(v). We have also added it in section 3.2.2.8 now.

Section 3.4
I do not understand why Ryan claims that a domain holder cannot request a revocation in case of misissuance; it clearly states that any subscriber could revoke any certificate for any reason he sees fit as long as they are identified.

You can see all the updates to our CPS in our site repository: https://www.comsign.co.il/repository/
on our UK site: https://www.comsign.co.uk/?page_id=1282
and in this link as well: https://s3-us-west-2.amazonaws.com/comsign/CPS/CPS_4.1_eng.pdf

Particularly Concerning
The software we are currently using is RSA CA 6.7 on Solaris. As we mentioned, we are now under audit on the new Microsoft CA and in the process of moving to that software instead of our old software.

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy

