Steve | I know your IP address | Consultant | join:2001-03-10 | Yorba Linda, CA | kudos:5 | reply to MarkAW
Re: Comodo DNS vs OpenDNS.....
said by MarkAW:
  [Hmmm let's see the fiasco with the Certificates for one.
You mean the one where the bad guys were serving malware from a Comodo-SSL bearing site, and where Comodo revoked the cert within 24 hours?
Or is there something else?
|
ZZZZZZZ | Premium | join:2001-05-27 | PARADISE
»www.wilderssecurity.com/showthre···t=242453
-- ~~Get our troops home...now!!~~
|
Steve | I know your IP address | Consultant | join:2001-03-10 | Yorba Linda, CA | kudos:5
I don't get it - lots of companies offer domain validation certs, it's automated (I have tons of DV certs from GoDaddy - they've never checked into me).
I looked at the Wilders thread, and other places as well, and I still don't get what the beef is. You can't tell from a domain name whether it's gonna be bad or not, and the whole purpose of DV certs is that they're cheap and fast.
-- Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site
|
ZZZZZZZ | Premium | join:2001-05-27 | PARADISE
That's fine if you choose to trust them.
After this and the way they treated [lied] to all Boclean users.......I will never install or use 1 of their products ever.
-- ~~Get our troops home...now!!~~
|
Steve | I know your IP address | Consultant | join:2001-03-10 | Yorba Linda, CA | kudos:5
I have no dog in this fight, and I only care about making an accurate assessment of risk. I am seriously open to input (I'm considering a code-signing cert from Comodo).
My suspicion: they offer domain-validated certs cheaper than others, so they get lots of interest... including from the bad guys. I don't have any evidence that they have done anything to encourage the bad guys in particular, other than offering a product that the broad market finds attractive.
I don't know anything about the Boclean matter, and (as a disinterested party) am not sure I'd care all that much.
Steve
-- Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site
|
NetFixer | Freedom is NOT free | Premium | join:2004-06-24 | The 'Boro
said by Steve:
  I have no dog in this fight, and I only care about making an accurate assessment of risk. I am seriously open to input (I'm considering a code-signing cert from Comodo).
I don't have a code-signing certificate from Comodo, but I (and several clients) do have web server certificates from Comodo, and in each case only a temporary 30-day certificate was initially issued until Comodo checked to verify the validity of the applicant. In my case, I know that they contacted D&B because I got a heads up from them that Comodo had made an inquiry.
I think most of the animosity from some of the regulars here and in other "security" forums is due to dissatisfaction with some of the Comodo PC software. I don't have a dog in that fight either since I have never used any of their PC software.
-- We can never have enough of nature. We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
|
Mele20 | Premium | join:2001-06-05 | Hilo, HI | kudos:4 | reply to Steve
said by Steve:
  said by MarkAW:
    [Hmmm let's see the fiasco with the Certificates for one.
  You mean the one where the bad guys were serving malware from a Comodo-SSL bearing site, and where Comodo revoked the cert within 24 hours? Or is there something else?
I'm sure you are aware of the Mozilla situation and also the situation regarding Comodo continuing to issue certs to known malware providers. So, what is with the deliberate obtuseness?
I know you have little to no respect for my opinion but I have continued to have respect for your opinions in this forum and sometimes I have agreed with your opinion. I suggest that before you make a very foolish decision regarding acquiring a Comodo code-signing cert that you do some research into the business ethics of the CEO of Comodo.
-- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
|
Steve | I know your IP address | Consultant | join:2001-03-10 | Yorba Linda, CA | kudos:5
said by Mele20:
  I'm sure you are aware of the Mozilla situation and also the situation regarding Comodo continuing to issue certs to known malware providers.
Comodo revoked the Mozilla.com cert when the problem was pointed out, suspended the registrar (PositiveSSL), and have looked into why this happened. Shenanigans happen with certs all the time - people have managed to perform fake transfers of big domains with other providers too.
As to the selling certs to known-malware, I haven't seen any evidence that this is anything other than bad guys abusing the entire low-assurance cert process.
Is there some procedure or policy that keeps (say) GoDaddy from doing the same thing? Or is it just that Comodo is cheaper?
Steve — really, I'm not being obtuse.
-- Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site
|