At 1:45 AM +0200 12/24/08, Eddy Nigg wrote: >Paul, you are disappointing me! I have not heard one critical word from you >about this incident,
What would be added by me joining the choir? Clearly, Comodo made a mistake in trusting (at least) one of its resellers. The mistake was laid bare, and the folks who might remove Comodo from the root pile are following the issue, probably more closely than they are letting on. Do you really think "oh, but if only Paul Hoffman would be critical, then things will really change"? FWIW, I would be shocked if you could not get the same result (a cert without sufficient checking of the domain) for a lower-profile domain name from at least five other resellers of other CAs in the root pile. You tried to find this one because this particular reseller tried to steal your customers in a slimy fashion, but you could probably find other resellers (possibly even Comodo resellers) who are just as lax. > instead you are criticize *me*? Yes. >C'mon, give me a break! You are repeatedly using this list as a springboard to criticize a competitor. When you didn't get your way instantly, you made threats against Mozilla, an organization for which many of us have a lot of respect. No break is justified. >I reported that my employees can see the supposedly private control panel of >this reseller - what else is needed to get this site down? I guess you aren't reading the responses from the people on the thread that might not be as upset as you are. That question was already answered. >>And, yes, I'm serious. Given that Startcom has the ability to issue bogus >>certificates like the kind that Eddy is threatening, I would think that a >>public statement like the above is relevant to Mozilla or Microsoft deciding >>whether or not the organization is trustworthy. > >I don't need the services of Comodo for that, if I would have ever wanted to >that, I could do so long time ago. Yes, exactly. And you, the COO/CTO of a trusted CA, are making public threats that would be the equivalent of that. I understand that you don't think that is a problem; please understand that other might think it is. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto