Gervase Markham wrote:
You mean, you are not happy anymore about Geotrust/Comodo business?
Regfly has no connection to Mozilla whatsoever...
Indeed not.
Well, what I meant is, that Regfly has not direct responsibility to
Mozilla. They are not a CA root, therefore the parent CA is responsible
for it....
I guess it depends how their business operates. If they just get
details from applicants and pass them on to Geotrust and Comodo for
verification, then we don't have a problem. However, if Registerfly
are responsible for verifying part or all of the data, there is an
increased risk that erroneous certificates could be issued.
Right! I asked previously, if you suspect if certificates were issued
fraudulent or if verifications were not performed...If they were
operating as an intermediate CA (compared to simple reseller), than
there indeed might be an increased risk, however the parent CA still has
the overall responsibility and you perhaps should discuss this issue
with them. A good check would be, if CRLs are still updated and
revocations still performed...I think the later might be a problem, if
they ceased to function correctly (as they did with the domains).
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
