Gervase Markham wrote:
> ... But I think issuing any sort of SSL server cert without some sort
> of audit trail which allows you to track down the person responsible
> for the server is a bad idea. And if existing CAs are doing it, they
> should be encouraged to stop.

Why do you think that a phisher would care about
any of that if they needed a cert? Phishers are
already expert at leaving audit trails that go nowhere,
and any industrial scale audit system by the CAs will
be easy meat for them, IMHO.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/