Frank Hecker wrote:
> Gervase Markham wrote:
>
>> CAcert's policy of giving certs to anyone with a working email address
>
> Gerv, I'll let others give the definitive answer to this, but a number
> of CAs will issue certificates based solely on verification of a working
> email address. This is usually done for individual email certificates,
> but it's possible that some CAs will do this for SSL server certificates
> as well, at least for "free trial" evaluations and "test" certificates.
OK, fair enough. Obviously, I can see the point of issuing email certs based on an email address ;-) But I think issuing any sort of SSL server cert without some sort of audit trail which allows you to track down the person responsible for the server is a bad idea. And if existing CAs are doing it, they should be encouraged to stop.
Gerv
