I think page 8 of their manual at least partially explains how and what 
"QuickInvite" is. The whole document is rather interesting...


On Saturday, April 1, 2017 at 6:01:23 AM UTC-4, Nick Lamb wrote:
> On Friday, 31 March 2017 17:27:34 UTC+1, tarah.s...@gmail.com  wrote:
> > I'm Tarah. I am the Principal Security Advocate and Senior Director of 
> > Engineering at Symantec Website Security (the certificate authority.
> Hello Tarah,
> Regular readers of m.d.s.policy will not be surprised that the news media 
> doesn't do a great job of explaining problems with the Web PKI.
> As so often I have questions, none of which involve kittens or Ferris Bueller 
> but instead today focus on QuickInvite URLs.
> 1. Symantec's own web site describes "Quick Invite" in several places, I 
> presume this is the same QuickInvite system you're talking about. It explains 
> that "The Quick Invite Duration default expiration time is 30 days, but can 
> be set during the sending of the invite" with a maximum of one year. 
> Presumably this is simply obsolete documentation, or else it refers to some 
> other feature under a similar name? If the former, I am happy to provide the 
> URLs where I found this, are you able to ensure they get updated or removed ?
> 2. What was the designed purpose of the QuickInvite URL / the QuickInvite 
> system itself ? I appreciate that for you its purpose is very obvious as 
> you've spent time up to your neck in it, but to me it's still rather opaque. 
> Let me set out some possible actors in our play, and hopefully you can tell 
> me which actors arrange for the URL to be sent out, which actors receive it, 
> and what they can do with it. That last is quite important. If the list I 
> provide is inadequate feel free to invent more people, just explain what they 
> do.
> Exam PLE is a small business with a web site, www.example.com
> Andrea is the sysadmin at Exam PLE
> Betty is Alice's boss, her details are listed in WHOIS for example.com
> Catherine is an employee at the CA, Symantec
> Jo is an SSL reseller, she offers cheap Symantec certs
> Valorie is a seemingly helpful person who answers Andrea's queries on Q&A 
> sites
> Wendy runs a web hosting business, she runs the servers www.example.com uses

dev-security-policy mailing list

Reply via email to