IMO the issue of authenticating the identity of certificate applicants is to a large degree orthogonal to the issue of preventing phishing attacks based on misleading domain names.
It is. My point is not that CAs should be refusing certificates to people with "similar" domains, but that they should be keeping info to allow the people to be tracked down if they are nefarious. This is not just about phishing - it's also about dodgy web shops etc.
So it's about retribution, not prevention.
Gerv
_______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
