So we created a new type of automated
certificate that focuses on proof of domain control in real time
combined with real time email and telephone validation and
sophisticated fraud-detection algorithms.
I'd be interestd in hearing more about the real-time email and telephone validation and fraud detection algorithms.
Control of domain is all very well, but if I've been phished, I want to be able to tell the nice policeman "they had this cert from GeoTrust - contact them to get an address you can go and knock on the door of". I don't want to do that, and have GeoTrust say "There's no address. Hey, we were absolutely certain that we gave a cert for that domain to the person who owned the domain, and that's all we promise to do", because that's not particularly helpful to my policeman...
Gerv _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
