Tuesday, May 26, 2009

The Tech Herald: Criminals using Comodo to attempt legitimacy

In his report on the recent Comodo controversy, The Tech Herald writer, Steve Ragan, added information everyone else missed:

The ten thousand dollar question, which no one asked of Mr. Abdulhayoglu, was why Comodo offers DV certificates free for 90 days.

“A free SSL certificate will secure your site and begin building trust,” Comodo’s site states, adding that a free SSL certificate is, “the same as our paid Essential SSL.” They even promise no, “faxes, no paperwork and no delays - get the golden padlock within minutes and be ready to sell online.” How is this not making an offer to encrypt data for a recipient you have not verified?

Mr. Ragan also contacted VeriSign since they were mentioned in the discussions. A VeriSign spokesperson told The Tech Herald, “RapidSSL, Thawte, and GeoTrust are the only brands VeriSign issues DV certificates from.”

VeriSign also provided this additional information, further illustrating that other certificate authorities do not have such poor practices in place:

“The system we have in place automatically rejects obviously fraudulent sites and kicks anything questionable to a manual approval. And if anyone flags a site as malicious, we have a team that investigates these and revokes the certificate if found to be malicious/fraudulent.”

Jay Schiavo, Product Manager at VeriSign, mirrored that thought by adding, “For GeoTrust and RapidSSL we have the ability to revoke a cert issued to a malicious or rogue site instantaneously. The cert will then show up on our CRLs immediately.”

Read Steve Ragan's article in The Tech Herald: Criminals using Comodo to attempt legitimacy

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
