So, how much is too much?

https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/

<snip>
This issue was reported to us by the *Comodo Group, Inc.*, the certificate 
authority *responsible* for issuing the fraudulent certificates.
</snip>

Comodo has a known history of doing sloppy verification, and they even
bundle their "trusted" vendors list into their CIS product, which
results in users getting infected by malware:
http://forums.comodo.com/wishlist-cis/provide-an-option-to-remove-allselected-ctrlclick-trusted-software-vendors-t62449.0.html

<snip>
Thanks to the trusted vendor list, a trojan dropper signed by trend micro inc. 
was able to work successfully (good job Comodo!). When you add a trusted vendor 
list, all it does is provide one giant security hole for droppers which are 
falsely signed
</snip>

Let me repeat: So, how much is too much?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/310999

Title:
  comodo seen issuing certificates unwisely

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
