upvote

points

by ZeroSSL4 hours ago |
comments
upvoteby kruffalon2 hours ago|
next
[-]
> - We’re not positioning ourselves as a purely EU-based CA substitute, and we generally don’t market it that way.

OK, but in the context of this topic thr interesting part isn't your marketing but your jurisdiction.

Could you clarify which jurisdiction you operate under and a link on the ZeroSSL website that collaborates that?

Thank you <3

reply
upvoteby hoistbypetard1 hours ago|
prev|
next
[-]
Sectigo used to be Comodo's CA business. If memory serves, that business was purchased by a US PE firm and renamed "Sectigo". Sectigo Inc.'s corporate headquarters is now in Scottsdale, AZ.

There's no reason to believe they're any less subject to US jurisdiction than LetsEncrypt.

reply
upvoteby idoubtit50 minutes ago|
parent|
[-]
There were reason to believe they were less subject to US juridiction: their Subscriber Agreement is for "Sectigo Limited, a limited company formed under the laws of England and Wales". See https://www.sectigo.com/uploads/backgrounds/Certificate-Subs...

Sadly, their United Terms and Conditions in section 8.2 are even more restrictive than LE's. They reject any entity "located in, incorporated under the laws of, or owned (meaning 50% or greater ownership interest) or otherwise, directly or indirectly, controlled by, or acting on behalf of, a person located in, residing in, or organized under the laws of any country sanctioned under the laws of the U.S. or E.U." See https://www.sectigo.com/uploads/backgrounds/United-Terms-and...

From a layman point of view, it could even mean that the ICC and the UN are prohibited from using Sectigo. The Customer must have no "affiliates, officers, directors, or employees" that are on sanction lists, and the US have sanctioned some high-profile members of the UN and the ICC that spoke about the genocide in Gaza.

reply
upvoteby redrblackr2 hours ago|
prev|
[-]
Any plans on becoming an independent CA? Would certificates issued in your name also risk being affected by US sanctions trough sentigo?
reply
upvoteby orochimaaru1 hours ago|
parent|
[-]
If they do business in the US they will be expected to comply with US law - this includes their stock being traded on US stock exchanges.

If they don’t have any business in the US and any financial ties to the US they won’t be subject to the sanctions. But I believe it will create issues if they want to enter the US market.

reply