Re: [TLS] [pkix] Proposing CAA as PKIX Working Group Item
Yoav Nir <ynir@checkpoint.com> Wed, 08 June 2011 07:31 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E680121F8476; Wed, 8 Jun 2011 00:31:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.496
X-Spam-Level:
X-Spam-Status: No, score=-8.496 tagged_above=-999 required=5 tests=[AWL=0.498, BAYES_00=-2.599, DEAR_SOMETHING=1.605, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sm47PD2AzLe2; Wed, 8 Jun 2011 00:31:03 -0700 (PDT)
Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id E7C8121F8475; Wed, 8 Jun 2011 00:31:01 -0700 (PDT)
X-CheckPoint: {4DEF3337-3-1B221DC2-FFFF}
Received: from il-ex01.ad.checkpoint.com (il-ex01.ad.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id p587Tbhb017894; Wed, 8 Jun 2011 10:29:37 +0300
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Wed, 8 Jun 2011 10:29:36 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: koichi sugimoto <koichi.sugimoto@globalsign.co.jp>
Date: Wed, 08 Jun 2011 10:29:35 +0300
Thread-Topic: [pkix] [TLS] Proposing CAA as PKIX Working Group Item
Thread-Index: AcwlrdFQ52d6dZUqTy+rISP51yR8yw==
Message-ID: <D2D0D1AD-5499-4D1B-BE2D-957A3C9847FB@checkpoint.com>
References: <E1QSKXu-0000S2-2s@login01.fos.auckland.ac.nz> <81856AC0-F6FB-4321-93FE-559D5C5E2743@checkpoint.com> <BANLkTikbWz=Y0VfqcfC+xXuV5voLA_gtGg@mail.gmail.com>
In-Reply-To: <BANLkTikbWz=Y0VfqcfC+xXuV5voLA_gtGg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "pkix@ietf.org" <pkix@ietf.org>, "paul.hoffman@vpnc.org" <paul.hoffman@vpnc.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] [pkix] Proposing CAA as PKIX Working Group Item
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jun 2011 07:31:04 -0000
On Jun 7, 2011, at 4:31 AM, koichi sugimoto wrote: > Dear Sirs, > > I've heard the fact was as follows: > > ------------------------------------------------------------------------- > Paul Tourret and Steve Waite were independent agents assigned the > responsibility of sales and marketing for the RapidSSL brand, acting under > a company called Certification Services Ltd (CSL). Verisign served > termination notice to CSL immediately after the announcement of the > GeoTrust acquisition. CSL then later changed its name to GlobalSign > Limited following successful acquisition of GlobalSign NV. RapidSSL.com > was, and always had been, an SSL brand owned in full by GeoTrust Inc. > GeoTrust elected to represent the brand as a business unit and as > mentioned above, Paul Tourret and Steve Waite were assigned as "agents" to > promote the brand. All root Certificates and infrastructure was > maintained and operated alongside the GeoTrust branded roots and in > infrastructure operated by GeoTrust Inc. In 2006 VeriSign acquired > GeoTrust and all its assets, including the RapidSSL brand and root > Certificates. Paul and Steve ceased their relationship with GeoTrust (now > owned by VeriSign) in late 2006. At the time of the rogue issuance of > RapidSSL root Certificates, ownership and infrastructure of maintenance > had been under VeriSign's control for over 2 years. To be clear, VeriSign > did not switch away from MD5 on behalf of RapidSSL, RapidSSL is just a > product brand (not a company) owned in full by VeriSign. > ------------------------------------------------------------------------------------------ Thanks for this. The point remains, that the customers see only the RapidSSL brand, no sign of Verisign on the homepage. And obviously they were running with a very different web application than other Verisign affiliates. Even as just a product brand, some people were assigned to handle the website and the CA, and despite being owned by Verisign, those people apparently weren't doing a very good job. Yoav
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Peter Gutmann
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Michael D'Errico
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Phillip Hallam-Baker
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Marsh Ray
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Phillip Hallam-Baker
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Peter Gutmann
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Marsh Ray
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [TLS] Proposing CAA as PKIX Working Group Item Geoffrey Keating
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… koichi sugimoto
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Peter Gutmann
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Peter Gutmann
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Peter Gutmann
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Phillip Hallam-Baker
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Phillip Hallam-Baker
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Marsh Ray
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Martin Rex
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [TLS] [pkix] Proposing CAA as PKIX Working Gr… Tom Gindin