Author Topic: Comodo and the ongoing trust saga  (Read 1865 times)

0 Members and 1 Guest are viewing this topic.

July 12, 2009, 03:46:56 pm
Read 1865 times

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Comodo and the ongoing trust saga
 
Quote
Several issues were brought to light about Comodo over the past lord knows how long, and the latest incident, as with many before it, concern their SSL certs. In this case, Melih's defense is that these are DV certs, and thus do not require "validation" as to the identity of the person obtaining such - this might be the case, but when your tag line is "Creating Trust Online", your defense should NOT be to try and slag off those bringing such to light, or telling them to get in touch with someone else to get this sorted out - IT IS YOUR COMPANY, YOUR CERTIFICATES - YOUR PROBLEM!

If DV certs do not require validation as to the identity or anything else, of the person obtaining such, there's a simple solution - STOP PROVIDING THEM!. Surely you have a choice as to the type of certificate you can issue?

Even if you are forced to offer DV certs, you still have a responsibility to monitor the use of such, and if you don't have the staff to do so, then either hire more staff or STOP ISSUING CERTIFICATES UNTIL YOU HAVE THE INFRASTRUCTURE TO PROPERLY MONITOR SUCH!.

http://hphosts.blogspot.com/2009/07/comodo-and-ongoing-trust-saga.html
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net