Here we go again..

[Guest]

[Endymion]

It would be nice for Comodo to change the DV issuing policy, if just for itself, to higher security standards.

That may be nice, but how should Comodo earn money then?

Improved standards ought to mean OV or EV certs but those are already there.

[LaserWraith]

Well then stop selling DV certs as those are damaging Comodo's reputation (which wasn't very good in some people's eyes in the first place)!

[Melih]

Honestly, I don't believe Comodo should be issuing certs.

As you know quite well, certs are not trustworthy as history has shown. They will always find a way to malicious sites. And for Comodo to be involved in anyway, a company involved in creating security,... well.....

Thing is,... you would think if anyone could issue certs properly, it would be a security company. But like I said earlier, that is highly unlikley as certs always find a way to bad sites.

Would you rather some other company who issued it that didn't try to fix certs and react so quickly?
How would that help end users?

At least Comodo is managing a very dangerous tool responsibly, imagine if Comodo wasn't there...there wouldn't be EV there wouldn't be a fast way revoking certs and that would not help end users! So Comodo's existence in the cert market has undoubtedly helped end users.

Melih

[Melih]

Well then stop selling DV certs as those are damaging Comodo's reputation (which wasn't very good in some people's eyes in the first place)!

I explained before why Comodo selling/providing DV is better than Comodo not providing it.

Melih

[Endymion]

Well then stop selling DV certs as those are damaging Comodo's reputation (which wasn't very good in some people's eyes in the first place)!

People are willing to damage Comodo's reputation whenever Comodo stopping to issue DV certs will not prevent such ill intentioned people to forge some other reason to complain nor affect the vast majority (90%) of DV certs issued by other (coincidentally neglected) CAs


Wherever DV certs were originally introduced at a later time than OV certs and browsers represented them both with the same padlock, it has been for a long time now that DV certs are not differentiated from higher standard OV certs thus generating confusion and possibly decreasing the utilization of OV certs.

DV certs  are not to be inherently trusted unless the user has a pre existing relationship with the organization and have specific knowledge that the web site does indeed belong to that organization.

It would be as simple as having endusers to be aware about this and have them regard a page with a DV cert like any plain http page with the only addition of encryption to secure the connection.

[slap happy]

People are willing to damage Comodo's reputation whenever Comodo stopping to issue DV certs will not prevent such ill intentioned people to forge some other reason to complain.....

When I was looking for a FW, doing research I found nothing but high praise of CIS and their support for their products. How I stumbled upon this affair, I don't remember. Maybe Softpedia with the toolbar thingy. To me that's not a big deal. Hey CIS is freeware and you gotta expect something like that.
But certs is a dirty business that should be steered way clear from.

Would you rather some other company who issued it that didn't try to fix certs and react so quickly?
How would that help end users?

At least Comodo is managing a very dangerous tool responsibly, imagine if Comodo wasn't there...there wouldn't be EV there wouldn't be a fast way revoking certs and that would not help end users! So Comodo's existence in the cert market has undoubtedly helped end users.

Melih

Well I don't see how, if like you said the tiny percentage Comodo has in digital certs, won't make a dent in improving the overall outlook of certs in general. Until you scrutinize the way you issue certs to begin with, I'm afraid this will never go away, and Comodo's reputation will suffer. Revoking certs quickly is not a solution for your problem.

[Endymion]

When I was looking for a FW, doing research I found nothing but high praise of CIS and their support for their products. How I stumbled upon this affair, I don't remember. Maybe Softpedia with the toolbar thingy. To me that's not a big deal. Hey CIS is freeware and you gotta expect something like that.
But certs is a dirty business that should be steered way clear from.

I guess the effort some people put in creating affairs should be evident whenever at times it also looks they are providing advices or concerns, it is not they will be able to make a big deal of everything while rubbing dirt whenever they please.

[slap happy]

I guess your talking about the stink with the toolbar? I'm not sure,... but then I never heard of Kahlil Gibran either.

Well to sum up,... I only voiced my concerns on this matter(certs), cause I believe it to be a very serious conflict of interest.

Just think of the day when a Malicious site you issued a cert to,... bypasses CIS.
Boy would that be a kick in the pants.... 

[Endymion]

I guess your talking about the stink with the toolbar? I'm not sure,... but then I never heard of Kahlil Gibran either.

Well to sum up,... I only voiced my concerns on this matter(certs), cause I believe it to be a very serious conflict of interest.

Just think of the day when a Malicious site you issued a cert to,... bypasses CIS.
Boy would that be a kick in the pants.... 

I guess even if that unlikely day won't come a lot of ill-advised people could dream of a kick landing in "Comodo's pants"

[Tags:]