Ian G wrote:
If HTTPS is the use for the cert, then as I suggested in some other random long rant today (!) we could always ask the domain owner to stick something in the HTTP page.
Sort of like a little icon ad that people commonly do, you can see a couple of them in the below link. I think that makes a case that whoever stuck those in there has at least some control over the domain, for HTTP purposes.
Sorry for being thick here, but I don't understand what you're suggesting. How does the content of an insecure web page offer any proof of ownership that is stronger than email? One falsified DNS record, or one bad line in your "hosts" file, is all it takes to spoof any/all insecure web content from any one site.
Sorry if I'm missing something obvious. _______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto
