Eddy Nigg (StartCom Ltd.) wrote:
I could get more into details here, but I spare you that ;-). But the
obvious is, that the very operators of the sites in question have the
solution to the problem much closer at hand than anybody else!
Really? Perhaps you could suggest it, if it's so easy.
People thought that having the site display an image the user had to
recognise was one way - but a recent study shows that this doesn't work
either. I'm sure site operators are trying to find ways to improve
security as well, but they are having great difficulty, just as we are.
BTW, Eddy, it's spelt "phishing", with an H. :-)
to justify the selling of over-priced digital certification
If they are over-priced, then that's a business opportunity for you.
You must have some insider information, do you ;-)
No. I just want you to stop asserting that EV certs are overpriced
unless you have some evidence that they are. And if you do, you should
go into business against them with a cheaper offering and clean up in
the market.
Gerv
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security