[cabfpub] EV Code Signing maximum validity

Rob Stradling rob.stradling at comodo.com
Fri Apr 12 20:16:48 UTC 2013

On 12/04/13 20:39, Eddy Nigg (StartCom Ltd.) wrote:
> On 04/12/2013 10:23 PM, From Rob Stradling:
>> Jeremy wrote "The risk with long-term EV Code Signing certs is
>> primarily a loss of the private key, which is why we required a
>> hardware token."
>> I have to agree that "loss of the private key" is a significant problem.
> There is no reason to deny it and I agree as well - however, were those
> EV validated certificates (or validated to the same level)?

I'm guessing they weren't.  But why would the level of validation have 
any bearing on how hard/easy it is to steal the Subscriber's private key?

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the Public mailing list