Gervase Markham wrote: > Eddy Nigg (StartCom Ltd.) wrote: >>> Let's assume for the sake of argument that we are no longer happy >>> about FlySSL's business. >> You mean, you are not happy anymore about Geotrust/Comodo business? >> Regfly has no connection to Mozilla whatsoever... > > Indeed not. > > I guess it depends how their business operates. If they just get details > from applicants and pass them on to Geotrust and Comodo for > verification, then we don't have a problem. However, if Registerfly are > responsible for verifying part or all of the data, there is an increased > risk that erroneous certificates could be issued.
Shouldn't Geotrust/Comodo's CPS cover all these kinds of questions? If not they are in breach and they should have direct obligations to Mozilla etc... -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://e164.org - Because e164.arpa is a tax on VoIP "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
