See: http://registerflies.com/hacked-send-no-money.html
That pretty much defines "rogue CA".
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
Hardly irrelevant. Their FlySSL CA is under a root which is in the
Mozilla store.
___
Looks like there's a mix of FlySSL certs out there. Many of them are
issued from Geotrust's RapidSSL (with no reference to FlySSL in
them). But there are also many from the
"ResellerFlyCertificateServices" CA, which is under Comodo's AddTrust
root.
__
They are a Geotrust reseller, but also have issued hundreds of SSL
from their own FlySSL CA: http://www.registerfly.com/ssl/
They have no CPS or other documentation posted - just the statement
"The following information has been self-reported by the entity to
which it relates for the purpose of a
"The Mozilla CA policy will not define/change CA policies and
practices. No new audits
are needed. Nothing will change in this respect."
Untrue. Currently the UI is the same for all SSL, no matter the
quality. You are proposing to use the UI to differentiate between
grades of SSL ... then you be
The project you propose is monumental in terms of 1) categorizing the
hundreds of certificate classes offered by the dozens of CAs, and 2)
auditing compliance with the new tiers. It could also take up to
three years to bring the new classification system online, assuming
CAs would only issue certi
There's been some criticism here regarding standards that impose high
requirements for financial viability of a CA as well as costly audit
regimes.
But those requirements do play a role. Witness the ongoing meltdown
of the ICANN registrar registerfly.com, which is stranding hundreds of
thousands
Another study on users' attentiveness, this time based on Sitekey
(which uses self-selected images to help users verify they are
visiting a trusted site). Apparently users accept that stuff changes
all the time on websites/browsers while their habits do not.
http://usablesecurity.org/emperor/
"A