I think page 8 of their manual at least partially explains how and what "QuickInvite" is. The whole document is rather interesting...
https://www.geotrust.com/geocenter/resources/partnercenter-user-guide.pdf On Saturday, April 1, 2017 at 6:01:23 AM UTC-4, Nick Lamb wrote: > On Friday, 31 March 2017 17:27:34 UTC+1, tarah.s...@gmail.com wrote: > > I'm Tarah. I am the Principal Security Advocate and Senior Director of > > Engineering at Symantec Website Security (the certificate authority. > > Hello Tarah, > > Regular readers of m.d.s.policy will not be surprised that the news media > doesn't do a great job of explaining problems with the Web PKI. > > As so often I have questions, none of which involve kittens or Ferris Bueller > but instead today focus on QuickInvite URLs. > > 1. Symantec's own web site describes "Quick Invite" in several places, I > presume this is the same QuickInvite system you're talking about. It explains > that "The Quick Invite Duration default expiration time is 30 days, but can > be set during the sending of the invite" with a maximum of one year. > Presumably this is simply obsolete documentation, or else it refers to some > other feature under a similar name? If the former, I am happy to provide the > URLs where I found this, are you able to ensure they get updated or removed ? > > 2. What was the designed purpose of the QuickInvite URL / the QuickInvite > system itself ? I appreciate that for you its purpose is very obvious as > you've spent time up to your neck in it, but to me it's still rather opaque. > Let me set out some possible actors in our play, and hopefully you can tell > me which actors arrange for the URL to be sent out, which actors receive it, > and what they can do with it. That last is quite important. If the list I > provide is inadequate feel free to invent more people, just explain what they > do. > > Exam PLE is a small business with a web site, www.example.com > Andrea is the sysadmin at Exam PLE > Betty is Alice's boss, her details are listed in WHOIS for example.com > Catherine is an employee at the CA, Symantec > Jo is an SSL reseller, she offers cheap Symantec certs > Valorie is a seemingly helpful person who answers Andrea's queries on Q&A > sites > Wendy runs a web hosting business, she runs the servers www.example.com uses _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
