On Tue, Jan 08, 2013 at 05:06:23PM -0500, Jeffrey Walton wrote: > On Tue, Jan 8, 2013 at 3:59 PM, Thor Lancelot Simon <[email protected]> wrote: > > > https://www203.americanexpress.com > > That's not too egregious (though its bad). What frustrates me is when > they send you to a different domain for the authentication or a > transaction.
Well, yes, that's bad, but of course what I was trying to point out as bad in this particular case was that even in the face of an hour's worth of effort by someone calling from the security department of another institution, in this case, the purported holder of this certificate was *unable to say* whether it was actually theirs or not. Whoops. Thor _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
