Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: MysteryFCM on July 12, 2009, 03:46:56 pm

Title: Comodo and the ongoing trust saga
Post by: MysteryFCM on July 12, 2009, 03:46:56 pm
Comodo and the ongoing trust saga
Several issues were brought to light about Comodo over the past lord knows how long, and the latest incident, as with many before it, concerns their SSL certs. In this case, Melih's defense is that these are DV certs, and thus do not require "validation" as to the identity of the person obtaining such - this might be the case, but when your tag line is "Creating Trust Online", your defense should NOT be to try and slag off those bringing such to light, or telling them to get in touch with someone else to get this sorted out - IT IS YOUR COMPANY, YOUR CERTIFICATES - YOUR PROBLEM!

If DV certs do not require validation as to the identity, or anything else, of the person obtaining such, there's a simple solution - STOP PROVIDING THEM! Surely you have a choice as to the type of certificate you can issue?

Even if you are forced to offer DV certs, you still have a responsibility to monitor the use of such, and if you don't have the staff to do so, then either hire more staff or STOP ISSUING CERTIFICATES UNTIL YOU HAVE THE INFRASTRUCTURE TO PROPERLY MONITOR SUCH!