Gervase Markham wrote:
If the checks were not performed properly by the CA, the CA is liable.
No. If they follow the guidelines, they disclaim liability.
Then the checks have been performed properly. You can't have it both
ways. The CA can't both "not perform the checks properly" and "follow
the guidelines".
They can, if
1) the guidelines are too weak
2) the guidelines only require a check to be *performed*, but it's not
performed *properly*.
2) a) You "check" data A by looking at it, and it's obviously wrong, but
you let it pass the check, because the clerk who did it is an untrained
monkey for $5/h who doesn't care a bit, and nobody holds him accountable
2) b) Or you check the address, but the source where you checked it
again was wrong, and you *know* it's a weak, but cheap/convenient source.
Same goes with you, BTW. You said you would have liked to see
signatures, but you keep arguing against it. Just because somebody
said it will cost hundreds of dollars?
You mean site visits? They are in there for some circumstances, but
not all.
Well, I have not asked to require site visits, only signature checks,
against the passport.
--
When responding via mail, please remove the ".news" from the email address.
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
