I am a private software developer. I am not a business wanting to advertise my services to anyone and made that very clear to Comodo when I requested a code signing certificate.
However, for whatever unfathomable reason, Comodo requires me to publish my person phone number in an internet directory of a “trusted 3rd party” so they can then look it up and then call me to verify my number.
Ok, firstly I have to put the number in the directory. Me… The person you are trying to verify. I could get a $2 SIM card put it in a phone, publish the number then throw the SIM/phone away. How does this in any way, shape or form add some level of verification/security to the process? Its a no brainer that this is a flawed idea and needs to go. It might have been relevant 20 years ago when people had a phone listed in the big printed phone book that came to your house but not anymore!
Now secondly, back to my mobile phone number. I develop data forensics software used by government departments and other people to investigate criminals computers. The names of my products are information anyone can access who is involved but due to policy that makes no sense in point #1, i have to publish this information on the internet for anyone to see! I really don’t want these people having my contact information!
The invasion of my privacy for this ludicrous idea of making things secure and verified is beyond me. Not to mention ill probably have every telemarketer scan my online listing within a day and spam me with business offers and calls.
To make matters worse, i couldnt even send in my telephone bill which shows my business details, personal name/address and of course the phone number. Apparently this isnt proof enough but I can enter whatever I want in online and thats taken for gospel!?
I manage the security of countless servers using SSL products and I can tell you what, as of next renewal I can guarantee there will be ZERO of these systems using a Comodo product. Also none of my clients who use code signing on their products will be using Comodo again after this.
I have been purchasing my code signing certs from Comodo for years now, this has NEVER EVER been an issue before. I have NEVER had a phone call from Comodo to verify my identity. I have NEVER had to publish my person details online which any primary school student can tell you these days is a bad idea…
All I have been trying to do is sign an EXE file so i can send it to a client. Its now 2 weeks late because of this messing around and I still dont have a ■■■■ certificate!!