[EMAIL PROTECTED] wrote in May: > Hi, Frank, et. al. > > COMODO has been offering FREE fully signed certs: > http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html?currency=USD®ion=North%20America&country=US > (since 2002: > http://www.instantssl.com/ssl-certificate-news/ssl-171202.html ). This > is worse than Bug 290491. And several people responded.
Clarifications: Yes, they're only valid for 30 days. That's 30 days too long for a fully signed, real cert based on unvalidated information to exist. The problem isn't that they're free. The problem is that they appear to violate any reasonable security policy I can think of. Frank's proposed policy doesn't require certs to be non-free. I'm really pissed at Mozilla drivers' stalling on this issue. _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
