On Wed, May 18, 2016 at 03:16:59PM +0100, Gervase Markham wrote:
> > What is meant by "fraudulent use"?
>
> I think the bullet as a whole could mean that we reserve the right to
> not include CAs who happily issue certs to "www.paypalpayments.com" to
> just anyone without any checks or High Risk string list or anything.
> Such a cert, unless issued to Paypal, Inc., is clearly to be used for
> fraud, IMO
How so? It could be a site providing information from a third party on how
to make and receive payments via PayPal. It could also be a site operated
by a third party on behalf of PayPal. Inferring nefarious intent from a
domain name seems like a really great way to make some fairly spectacular
mistakes.
- Matt
--
My favourite was some time ago, and involved a female customer thanking "Mr.
Daemon" for his effort trying to deliver her mail, and offering him a "good
time" if he ever visited Sydney.
-- Matt McLeod
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
