Has any public CA ever had their certificate revoked?

Paul Hoffman paul.hoffman at vpnc.org
Fri May 8 12:08:03 EDT 2009


At 6:02 PM +0200 5/8/09, R. Hirschfeld wrote:
> > Date: Tue, 5 May 2009 10:17:00 -0700
>> From: Paul Hoffman <paul.hoffman at vpnc.org>
>
> > the CA fixed the problem and researched all related problems that it
>> could find.
>
>>From what I've read of the incident (I think it's the one referred
>to), Comodo revoked the bogus mozilla.com cert and got their reseller
>Certstar (who issued it) to start performing validation. 

Correct.

>Security
>common sense might suggest that they validate all certs previously
>issued by Certstar and check the validation procedures of their other
>resellers.  Do you know whether they did so? 

Comodo publicly said they did. That's why I said "researched all related problems that it could find".

>The former seems a major
>undertaking and commercially delicate.

And yet they appear to have done it.

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list