Eddy Nigg (StartCom Ltd.) wrote:
1.) Is it possible to get a list of the currently active issuing
intermediate CA certificates of each CA root *currently* for
consideration? It would be interesting to know which of these issue EV,
both or non-EV.
I *think* what you're looking for is in
Nelson Bolyard wrote:
Wow! I'd say that a CA that says You cannot rely on our certs for
eCommerce should not be trusted for SSL by default in Mozilla products!
Of course, that's a policy issue. Frank, what do you think?
It is a policy issue, and we've had this discussion before. My point
Eddy Nigg (StartCom Ltd.) wrote:
This particular part DOES bother you, because wild card certificates
aren't controllable in the same way as regular ones. A seemingly
innocent domain name can become a tool for phishing. For example
*.domain.com matches paypal.domain.com and
Eddy Nigg (StartCom Ltd.) wrote:
Ohoommm...it doesn't say not to rely for e-commerce, but not to rely AT
ALL :-) It says, BECAUSE the certificates aren't meant to be for
e-commerce parties can not rely on it - any party - for any purpose -
do not qualify as a relying party.
After looking
Eddy Nigg (StartCom Ltd.) wrote:
Rob Stradling:
snip
For the record, I can assure you that Comodo never issue DV and EV
certs from the same Intermediate CA.
In that case we need to update our papers then. For example I've
received the following comment from Frank previously concerning
Frank Hecker:
Nelson Bolyard wrote:
Wow! I'd say that a CA that says You cannot rely on our certs for
eCommerce should not be trusted for SSL by default in Mozilla products!
Of course, that's a policy issue. Frank, what do you think?
It is a policy issue, and we've had this
Frank Hecker:
Eddy Nigg (StartCom Ltd.) wrote:
This particular part DOES bother you, because wild card certificates
aren't controllable in the same way as regular ones. A seemingly
innocent domain name can become a tool for phishing. For example
*.domain.com matches paypal.domain.com
Frank Hecker:
Eddy Nigg (StartCom Ltd.) wrote:
3.) Here a few questions in relation to the LiteSSL CPS:
snip
* 4.1 states that the enrollment process MAY include check for
domain ownership. This means that the checks can be omitted?
I think this is another case
This is a revised version of my initial questions concerning the Comodo
inclusion and upgrade requests. I've updated the sections which received
a response from Frank and are solved from my point of view and added
some more content where deemed necessary.
1.) The audit report for non-EV
Eddy Nigg (StartCom Ltd.):
4.) Frank, this one is for you:
Since most (if not all) CA root certificates of Comodo were inherited
from the Netscape era and never were properly evaluated by an inclusion
process and in light of the questions above, isn't a thorough review of
this CA in place
10 matches
Mail list logo