By the following snippet referring to a Slashdot post, it seems that someone registered a company called "Click Yes To Continue" and then proceeded to buy a cert and create some softwhere!
Novel!
iang
-------- Original Message --------
<http://www.benedelman.org/news/020305-1.html>
For once the discussion on Slashdot, at <http://it.slashdot.org/article.pl?sid=05/02/14/0149211>, is not entirely noise. The most interesting post is this one:
# This is what Verisign answered when I asked them the same question last # year (and then refused the stupid automated reply):
In response to your email, when this company submitted their request for a digital certificate, we followed our standard authenticiation & verification policies to make sure of the following:
1. That the company, Click Yes To Continue, is indeed a legitimate company and has the right to conduct business under this company name, which was confirmed using an online, 3rd party web site for validating companies located in Canada. and 2. Received a valid phone bill from the company, in which we used to call the company back & confirm the order.
Please note that when a company obtaina code signing certificate, we DO NOT validate their code, as the customer has to agree to our certificate policies before even submitting their requets online.
Therefore, we did not issue a certificate to a 'fake company'. However, we will forward your email to our internal security department and Verisign Lawyers to see if this company is indeed distributing fraudulent code using a certificate obtained through Verisign.
# Obviously, nothing happened afterwards.
--
_______________________________________________ cap-talk mailing list [EMAIL PROTECTED] http://www.eros-os.org/mailman/listinfo/cap-talk
-- News and views on what matters in finance+crypto: http://financialcryptography.com/
_______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto