Comodo credibility crisis
- From: Peter Pearson <ppearson@xxxxxxxxxxxxxxx>
- Date: 23 Dec 2008 23:29:06 GMT
Comodo is a Certificate Authority whose root certificates
have the honor of being in Firefox's built-in certificate
set. They seem to have made The Big Mistake by lending
their credibility to a reseller who signed a cert for
Eddy Nigg in the name of mozilla.com:
(http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/9c0cc829204487bf)
Eddy Nigg was alarmed that no sort of checking was done to
verify his authority, and he blew the whistle on them.
Comodo will presumably "fix" this problem by revoking a
few certificates and ostracizing the offending reseller,
but I would argue that a CA's promise that the Bad Thing
will never happen is far more valuable than a promise that
it won't happen *again*.
--
To email me, substitute nowhere->spamcop, invalid->net.
.
- Follow-Ups:
- Re: Comodo credibility crisis
- From: Mark Wooding
- Re: Comodo credibility crisis
- From: Phil Carmody
- Re: Comodo credibility crisis
- Prev by Date: Re: SHA-3 Round 1 Candidates announced
- Next by Date: Re: Comodo credibility crisis
- Previous by thread: Symposium “Visualization and Human-Computer” within the IRF’2009 Conference – Announce & Call for Papers
- Next by thread: Re: Comodo credibility crisis
- Index(es):
Relevant Pages
|
