By the following snippet referring to a Slashdot
post, it seems that someone registered a company
called "Click Yes To Continue" and then proceeded
to buy a cert and create some softwhere!
Novel!
iang
-------- Original Message --------
<http://www.benedelman.org/news/020305-1.html>
For once the discussion on Slashdot, at
<http://it.slashdot.org/article.pl?sid=05/02/14/0149211>,
is not entirely noise. The most interesting post is this one:
# This is what Verisign answered when I asked them the same question last
# year (and then refused the stupid automated reply):
In response to your email, when this company submitted their request for
a digital certificate, we followed our standard authenticiation &
verification policies to make sure of the following:
1. That the company, Click Yes To Continue, is indeed a legitimate
company and has the right to conduct business under this company
name, which was confirmed using an online, 3rd party web site for
validating companies located in Canada.
and
2. Received a valid phone bill from the company, in which we used to
call the company back & confirm the order.
Please note that when a company obtaina code signing certificate, we
DO NOT validate their code, as the customer has to agree to our
certificate policies before even submitting their requets online.
Therefore, we did not issue a certificate to a 'fake company'. However,
we will forward your email to our internal security department and
Verisign Lawyers to see if this company is indeed distributing
fraudulent code using a certificate obtained through Verisign.
# Obviously, nothing happened afterwards.
--
_______________________________________________
cap-talk mailing list
[EMAIL PROTECTED]
http://www.eros-os.org/mailman/listinfo/cap-talk
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
