[EMAIL PROTECTED] wrote:
Registerfly.com is also an SSL issuer, both for Geotrust and on its own account, mainly of low end SSL. Should those be revoked or transferred to another CA? What's Moz's position on a failing CA?
Good question. Do you have an example of a domain with a certificate issued by Registerfly?
I suspect they are a Geotrust reseller, in which case it's Geotrust's responsibility to make sure nothing untoward happens.
But you are right - we have historically not been good at making sure that CAs are held responsible for their sub-CAs and resellers.
Gerv _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
