[144435] in cryptography@c2.net mail archive
Re: Has any public CA ever had their certificate revoked?
daemon@ATHENA.MIT.EDU (R. Hirschfeld)
Fri May 8 13:16:26 2009
Date: Fri, 8 May 2009 18:02:18 +0200
From: "R. Hirschfeld" <ray@unipay.nl>
To: paul.hoffman@vpnc.org
CC: pgut001@cs.auckland.ac.nz, dan@geer.org, thierry.moreau@connotech.com,
cryptography@metzdowd.com
In-reply-to: <p06240812c62623405622@[10.20.30.158]> (message from Paul Hoffman
on Tue, 5 May 2009 10:17:00 -0700)
Reply-to: ray@unipay.nl
> Date: Tue, 5 May 2009 10:17:00 -0700
> From: Paul Hoffman <paul.hoffman@vpnc.org>
> the CA fixed the problem and researched all related problems that it
> could find.
From what I've read of the incident (I think it's the one referred
to), Comodo revoked the bogus mozilla.com cert and got their reseller
Certstar (who issued it) to start performing validation. Security
common sense might suggest that they validate all certs previously
issued by Certstar and check the validation procedures of their other
resellers. Do you know whether they did so? The former seems a major
undertaking and commercially delicate.
Ray
---------------------------------------------------------------------
The Cryptography Mailing List