Re: [TLS] [pkix] Proposing CAA as PKIX Working Group Item

Yoav Nir <ynir@checkpoint.com> Wed, 08 June 2011 07:31 UTC

From: Yoav Nir <ynir@checkpoint.com>
To: koichi sugimoto <koichi.sugimoto@globalsign.co.jp>
Date: Wed, 08 Jun 2011 10:29:35 +0300
Cc: "pkix@ietf.org" <pkix@ietf.org>, "paul.hoffman@vpnc.org" <paul.hoffman@vpnc.org>, "tls@ietf.org" <tls@ietf.org>

On Jun 7, 2011, at 4:31 AM, koichi sugimoto wrote:

> Dear Sirs,
> 
> I've heard the fact was as follows:
> 
> -------------------------------------------------------------------------
> Paul Tourret and Steve Waite were independent agents assigned the
> responsibility of sales and marketing for the RapidSSL brand, acting under
> a company called Certification Services Ltd (CSL). Verisign served
> termination notice to CSL immediately after the announcement of the
> GeoTrust acquisition. CSL then later changed its name to GlobalSign
> Limited following successful acquisition of GlobalSign NV. RapidSSL.com
> was, and always had been, an SSL brand owned in full by GeoTrust Inc.
> GeoTrust elected to represent the brand as a business unit and as
> mentioned above, Paul Tourret and Steve Waite were assigned as "agents" to
> promote the brand.  All root Certificates and infrastructure was
> maintained and operated alongside the GeoTrust branded roots and in
> infrastructure operated by GeoTrust Inc.  In 2006 VeriSign acquired
> GeoTrust and all its assets, including the RapidSSL brand and root
> Certificates.  Paul and Steve ceased their relationship with GeoTrust (now
> owned by VeriSign) in late 2006.  At the time of the rogue issuance of
> RapidSSL root Certificates, ownership and infrastructure of maintenance
> had been under VeriSign's control for over 2 years.  To be clear, VeriSign
> did not switch away from MD5 on behalf of RapidSSL, RapidSSL is just a
> product brand (not a company) owned in full by VeriSign.
> ------------------------------------------------------------------------------------------

Thanks for this.

The point remains that the customers see only the RapidSSL brand, no sign of Verisign on the homepage. And obviously they were running with a very different web application than other Verisign affiliates. Even as just a product brand, some people were assigned to handle the website and the CA, and despite being owned by Verisign, those people apparently weren't doing a very good job.

Yoav