Hi Kirk, On 30/01/18 14:37, Kirk Hall via Public wrote: > Tim – your argument is “who knows if any certs have been misissued under > Method 1” could apply to all other methods. That’s not an argument that > there HAVE been misissued certs. We have been using the method for many > years at multiple companies for many major enterprises (who would > certainly be targets for phishing),
Please can you stop conflating misissuance and phishing, as if the latter is the only possible route to the former? > Your second statement – that Symantec issued lots of certificates using > Method 1 that DigiCert would never have issued – seems to imply you have > found misissuance by Symantec. No, it doesn't. It means that the level of assurance that it went to the right person is not high enough for DigiCert, but they have no evidence it went to the wrong person. It may have done; they don't know. Gerv _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
