NSS

Comment 29 for bug 310999

(In reply to comment #22)
> I think there are some open questions here, including:
>
> a) How many resellers were selling certs subordinate to that same PositiveSSL
> CA cert?

To all of my knowledge there are many, most likely in the hundreds, maybe more.

>
> Do we know that the number is more than 1?

Yes

> b) Did all those resellers share a common DV checking service?

No

> Or did each provide its own DV checking independently?

No

> If all the resellers of certs subordinate to that CA cert shared a common
> DV checking service, then again, replacing that CA certs seems to fit the
> scope of the potential problem.

They don't have a common DV checking service. I'm in the process to provide more information in a short time.

However apparently it's the same intermediate CA which issues the certificates. But of course Comodo can change that in short time and issue from a different root or intermediate should Mozilla decide to take some action.