[EMAIL PROTECTED] wrote: > They are a Geotrust reseller, but also have issued hundreds of ssl > from their own FlySSL CA: http://www.registerfly.com/ssl/ > > They have no CPS or other documentation posted - just the statement > "The following information has been self-reported by the entity to > which it relates for the purpose of assignment of a unique identifier > (CUI). The information has not been verified nor has the entity been > authenticated, credentialed, verified, or investigated in any way."
I was greatly alarmed when I read that, but then I dug into it a little. That statement comes from http://businessprofile.geotrust.com/get.jsp?1869067182 That URL is found in the (recently expired) SSL server cert for https://www.registerfly.com/ It appears in the middle of a small page, just below the information identifying the party to whom the SSL server cert cert was issued (the "Subject" or "Subscriber"), in this case, registerfly. There is NO information following (that is, below) that statement on that page. So, as I read it, geotrust is not saying that they didn't verify the information about the name and address of registerfly in any way. They're saying that registerfly could have provided additional self-reported information, and if they had done so, it would appear on that page following that disclaimer, but apparently they did not do so. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
