The subject is the title of a Slashdot article posted today.  The
article can be accessed at
<https://it.slashdot.org/story/17/03/25/2222246/over-14k-lets-encrypt-ssl-certificates-issued-to-paypal-phishing-sites>.


The article contains two links.  One is to a Bleeping Computer article
that gives more detail.

The other link is to a Let's Encrypt page where that certification
authority states:

> Let’s Encrypt is going to be issuing Domain Validation (DV)
> certificates. On a technical level, a DV certificate asserts that a
> public key belongs to a domain – it says nothing else about a site’s
> content or who runs it. DV certificates do not include any
> information about a website’s reputation, real-world identity, or
> safety.

To me, this means that certificates can be freely issued to criminal
enterprises.

-- 
David E. Ross
<http://www.rossde.com>

Consider:
*  Most states mandate that drivers have liability insurance.
*  Employers are mandated to have worker's compensation insurance.
*  If you live in a flood zone, flood insurance is mandatory.
*  If your home has a mortgage, fire insurance is mandatory.

Why then is mandatory health insurance so bad??
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
