I would LOVE for Comodo to clean up its practices. Including "decertifying the CA that does not adhere to financial levels of control that is certified by a CA that does".
-Kyle H On Mon, Dec 29, 2008 at 5:44 PM, Grey Hodge <g...@burntelectrons.org> wrote: > On 12/29/2008 4:46 PM Eddy Nigg cranked up the brainbox and said: >> The amount of customers never was a known criteria of CAs business >> practices ever. > > I also don't know how many Credit cards Bank of America issues, but I can > guess with reasonable accuracy. > >> Isn't the responsibility of a CA this size much greater and breach of >> trust going to affect many? Is a breach of trust justified and >> acceptable because of the size of a CA or shouldn't that CA provide >> extra care? > > Considering the KNOWN size of the breach, a maximum of 111 certs, less than > ten percent of which could not be verified in 2 days, only 2 of which were > confirmed to be fraudulent (both your attempts), I don't think this requires a > revocation. If we /can/ resolve this issue without revoking, why shouldn't we? > >> (For your knowledge, Netcraft confirms > > There's a reason "netcraftconfirmsit" is a tag on Slashdot, and it's not > because Netcraft is a bastion of statistical rigor. > > My point still stands. Revoking Comodo certs would be a needlessly messy and > painful endeavour, and should be avoided if the situation can be resolved > elsewise. So far, I have no reason to believe Comodo can't tighten up their > practices without nuking millions of web surfers. > > -- > Grey Hodge > email [ grey @ burntelectrons.org ] > web [ http://burntelectrons.org ] > tag [ Don't touch that! You might mutate your fingers! ] > motto [ Make everything as simple as possible, but no simpler. - Einstein ] > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto