Gervase Markham wrote:
[EMAIL PROTECTED] wrote:
So we created a new type of automated
certificate that focuses on proof of domain control in real time
combined with real time email and telephone validation and
sophisticated fraud-detection algorithms.
I'd be interestd in hearing more about the real-time email and telephone
validation and fraud detection algorithms.
Control of domain is all very well, but if I've been phished, I want to
be able to tell the nice policeman "they had this cert from GeoTrust -
contact them to get an address you can go and knock on the door of". I
don't want to do that, and have GeoTrust say "There's no address. Hey,
we were absolutely certain that we gave a cert for that domain to the
person who owned the domain, and that's all we promise to do", because
that's not particularly helpful to my policeman...
Why are you requiring that of GeoTrust? What happens
if they don't provide that service?
Shouldn't you be accepting GeoTrust's offering for what
it is that the offer?
If it's not good enough, then don't shop at that merchant.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
