[cabfpub] Revised document for Ballot 89 - Adopt Requirements for the Processing of EV SSL Certificates v.2

Robin Alden robin at comodo.com
Wed Oct 17 12:00:06 UTC 2012


In the general case a CA cannot certify that a site is legal, decent, honest, and truthful because it cannot know that.
That is not at all the same thing as saying that CAs want to issue certificates to criminal and innocent alike.

Comodo, too, revoke certificates where we become aware of illegal activity.

That might prompt the question - 'Who says it's illegal?'.
And there, I guess, we come to a gap because although Comodo's CPS cites English Law we do not look to the English Legal system to make judgement before we revoke a certificate for 'illegality' - so from an outsider's point of view our standard is ultimately, I suppose, arbitrary.

Robin


> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-
> bounces at cabforum.org] On Behalf Of Moudrick M. Dadashov
> Sent: 17 October 2012 09:33
> To: Gervase Markham
> Cc: public at cabforum.org
> Subject: Re: [cabfpub] Revised document for Ballot 89 - Adopt
> Requirements for the Processing of EV SSL Certificates v.2
> 
> On 10/17/2012 11:14 AM, Gervase Markham wrote:
> > On 17/10/12 00:00, Jeremy Rowley wrote:
> >> I imagine all CAs have a similar policy, which is why I found Gerv’s
> >> question on the subject rather surprising.
> > The question arose because I seem to remember in the past that there
> > was a strong current of opinion that certificates were about identity,
> > not trustworthiness, and that determining what is illegal in the
> > jurisdiction of an abitrary website is not something CAs wanted to get
> > into the business of doing. But perhaps I misremember, or perhaps the
> > situation has changed.
> I'm afraid you don't misremember and nothing actually has changed,
> certificates by their definition are still about identities that hold privet
> keys corresponding to the public keys in their certificates. So anybody
> can issue certificates and issuer's trustworthiness assessed by third
> parties using different trust mechanisms. Information in a certificate may
> help you to find those assessment bodies.
> 
> Things like what to do with an arbitrary website is subject to local
> jurisdiction regulation and/or contractual relationship between the cert
> issuer and the cert holder.
> 
> Thanks,
> M.D.
> >
> > Gerv
> >
> > _______________________________________________
> > Public mailing list
> > Public at cabforum.org
> > https://cabforum.org/mailman/listinfo/public
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5246 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121017/f1c619e7/attachment-0002.p7s>


More information about the Public mailing list