On Tue, 12 Apr 2005, Gervase Markham wrote:
> As some of you have noted, Opera 8 beta 3 now displays the contents of
> the certificate's Organisation field in the UI, ostensibly as an
> anti-phishing measure.
>
> GeoTrust has just released a paper outlining the problems with this
> approach, and giving practical and real-world examples:
> http://geotrust.com/resources/advisory/sslorg/index.htm

This is further evidence that we cannot rely on CAs to maintain
clear uniqueness of certificates, and that we must enable users
to establish trust relationships without having to depend on CAs.

The only mechanism I know of that enables this is the petname.
See http://petname.mozdev.org/.

(If you know of other ways, I'm curious to hear about them.)


-- ?!ng
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
