Ian G wrote: > Ah, to clarify, I was sort of assuming they > wanted the cert for their website. If they > wanted the cert for email/code signing, > then that won't be so easy.
Actually someone else pointed out an issue with the idea of screen scraping a website to prove domain control... "There are usually much more people with content change rights on the homepage than have administrative privileges on the server. The ability for adding content to the page (that might be closely monitored by others) is in no way equivalent to the ability to get an SSL cert for it (that might get used on a fake host). It would be a really nice privilege escalation." -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! http://e164.org - Using Enum.164 to interconnect asterisk servers "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto
