James A. Donald wrote: > -- > Has anyone been attacked through a certificate that > would not have been issued under stricter security? The > article does not mention any such attacks, nor have I > ever heard of such an attack.
How much money does a phishing site make before it is forced to close? (and change its cert) Would it be greater or less than the cost of a HA cert? If browser vendors make UI changes to indicate the presence of a HA cert to users (some are apparently considering changing the URL bar green), and users trust HA certs more as a result, then that increases their value when used in a scam. It isn't too much of a stretch of the imagination that phishers would go to the trouble of registering companies and forging enough of financial record to meet the higher assurance standards if it would make users more credulous of their site. -d --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]