Duane wrote:
Nelson pointed out how bad email verification is, but what if that's
all you can prove?
If email is the only use for the cert, one could make
a case that is good enough.
If HTTPS is the use for the cert, then as I suggested
in some other random long rant today (!) we could
always ask the domain owner to stick something in
the HTTP page.
Sort of like a little icon ad that people commonly do,
you can see a couple of them in the below link. I
think that makes a case that whoever stuck those
in there has at least some control over the domain,
for HTTP purposes.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
