Has any public CA ever had their certificate revoked?
R. Hirschfeld
ray at unipay.nl
Fri May 8 12:02:18 EDT 2009
> Date: Tue, 5 May 2009 10:17:00 -0700
> From: Paul Hoffman <paul.hoffman at vpnc.org>
> the CA fixed the problem and researched all related problems that it
> could find.
>From what I've read of the incident (I think it's the one referred
to), Comodo revoked the bogus mozilla.com cert and got their reseller
Certstar (who issued it) to start performing validation. Security
common sense might suggest that they validate all certs previously
issued by Certstar and check the validation procedures of their other
resellers. Do you know whether they did so? The former seems a major
undertaking and commercially delicate.
Ray
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list