to be fair ... most commercial CA's have to verify with the domain name infrastructure as to the owner of the domain name ... before issuing a SSL domain name server cert. Note however, one of the justifications for having SSL domain name server cert is because of concerns with regard to domain name infrastructure integrity issues and things like domain name hikjacking. Note however, that if the domain name infrastructure has had a domain name hijack before the SSL server cert is applied for ... when the CA goes to the domain name infrastructure to verify the domain name ownership ... it will verify and a SSL server cert can be issued to the wrong entity (aka the issuing of a SSL server cert is subject to some of the same integrity exposures as concerns that gave rise to having SSL server certs in the first place).
Furthermore, some of the proposals to address domain name infrastructure integrity issues so that CAs can trust their verification as to domain name ownership ... also eliminates justifications for needing SSL server certs random refs: http://www.garlic.com/~lynn/subtopic.html#sslcerts [EMAIL PROTECTED] on 1/12/2002 12:31 pm wrote: To be fair, most commercial CA's require evidence of "right to use" a FQDN in an SSL server cert. But your point is apt. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]