[cabfpub] EV Code Signing maximum validity

Rob Stradling rob.stradling at comodo.com
Fri Apr 12 13:16:48 MST 2013


On 12/04/13 20:39, Eddy Nigg (StartCom Ltd.) wrote:
> On 04/12/2013 10:23 PM, From Rob Stradling:
>> Jeremy wrote "The risk with long-term EV Code Signing certs is
>> primarily a loss of the private key, which is why we required a
>> hardware token."
>>
>> I have to agree that "loss of the private key" is a significant problem.
>
> There is no reason to deny it and I agree as well - however, were those
> EV validated certificates (or validated to the same level)?

I'm guessing they weren't.  But why would the level of validation have 
any bearing on how hard/easy it is to steal the Subscriber's private key?

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

