Comment 25 for bug 310999

In , Nelson-bolyard (nelson-bolyard) wrote :

I think there are some open questions here, including:

a) How many resellers were selling certs subordinate to that same PositiveSSL
CA cert?

Do we know that the number is more than 1?
If that number is only one, then replacing that CA cert seems to exactly fit
the scope of the (potential) problem.
If that number is more than 1, then the second question is:

b) Did all those resellers share a common DV checking service?
Or did each provide its own DV checking independently?
If all the resellers of certs subordinate to that CA cert shared a common
DV checking service, then again, replacing that CA cert seems to fit the
scope of the potential problem.

Only if multiple resellers shared the same issuer cert, but each had its
own DV checking facility, does replacing the CA cert not fit the scope of
the potential problem, IMO.