FWIW:
On 31.12.2008 15:47, Eddy Nigg wrote:
EV is clearly maximum
No. EV is what I always expected all certs to be. It's really the
minimum. The whole security hangs of a phone call. It has lots of loopholes.
For me, anything less is rather pointless. DV: verify via http or
plaintext mail - hah. What was the reason for https again?
The maximum is that the CEO has to sign in front of an CA agent, which
checks face and signature against the passport / ID card. The CA also
checks state registers for the official representative of the company.
And all the stuff EV does. Oh, and the CA is of course liable infinitely
for all and any kind of damages, direct and indirect, that result from a
wrong certification - otherwise they can just do crap and say "sorry"
when things go wrong.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
