Frank Hecker wrote:
I don't want to speak for Gerv, but I don't believe he's concerned about CAcert or other CAs issuing fraudulent SSL certs for "amazon.com", he's concerned about CAs issuing SSL certs for misleading domain names like "amaz0n.com".

Not about them issuing them - but about being able to track down the owners if they start abusing the domain for phishing.


Ideally, there would also be some agreed set of "too close" criteria (the punycode attacks lend themselves to this, if you draw up a list of identical glyphs at different code points) where the request would be automatically refused. But outside of punycode, judging closeness is a hard problem. And a site like www.paypal-ebay.com would probably not meet any closeness criteria, but is a valid phishing site.

Gerv
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
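
The automatic refusal based on "identical glyphs at different code points" that the message above describes could look like the following. This is an added example, not part of the original message or any CA's code; the `CONFUSABLES` table, the `PROTECTED` watch list and all function names are constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small table: look-alike glyph -> ASCII letter.
# Assumption: a real check would load the full Unicode confusables data.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
}
PROTECTED = {"amazon.com", "paypal.com", "ebay.com"}  # constructed watch list


def to_unicode(domain):
    """Decode xn-- (punycode) labels so the check sees what a user would see."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def skeleton(domain):
    """Fold compatibility forms and listed look-alike glyphs to ASCII."""
    text = unicodedata.normalize("NFKC", to_unicode(domain))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def check_request(domain):
    """Return ("refuse", target) for a glyph-level match, else ("allow", None)."""
    if to_unicode(domain) in PROTECTED:
        return ("allow", None)  # the genuine name; ownership is checked elsewhere
    target = skeleton(domain)
    return ("refuse", target) if target in PROTECTED else ("allow", None)


if __name__ == "__main__":
    spoof = "p\u0430yp\u0430l.com"  # constructed: Cyrillic "a" in both positions
    ace = "xn--" + "p\u0430yp\u0430l".encode("punycode").decode("ascii") + ".com"
    for name in (spoof, ace, "paypal.com", "amaz0n.com", "www.paypal-ebay.com"):
        print(name.encode("unicode_escape").decode(), check_request(name))
```

Here `amaz0n.com` and `www.paypal-ebay.com` both come back as allowed, which is the limit the message points out: a glyph table only covers identical-looking code points, not closeness in general.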
