Nelson B wrote:
Ian,  You're the anti-phisher guy.  I would expect you to want
certs to contain more info to help fight phishing.  Just how does
a cert that contains only CN=pay.pal.com help avoid phishing?

Not to speak for Ian, but it permits the basic check that Gerv recommends:

  http://www.gerv.net/security/stay-safe/

assuming of course that the user can recognize that "pay.pal.com" != "paypal.com". And if they can't recognize that, I doubt very much they're going to be clicking on the lock and checking the information in the cert.

So the question is, what is the purpose of the O and OU information in SSL certs? If the values of these fields are not exposed in the standard browser interface by default then it seems to me that (unlike CN) they have minimal or no relevance when it comes to protecting the security of typical users.

Frank

--
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
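To make concrete what the "basic check" amounts to and why O/OU play no part in it, here is an added Python example (not code from the list post or from Mozilla) that splits a textual subject DN into its attributes and compares only the CN against the host in the URL, with the single-label wildcard rule browsers apply. The DN strings and the escaping rule are simplified assumptions for illustration; the comparison shows that a cert for "pay.pal.com" does nothing for a user who thinks they are on "paypal.com", whatever O and OU say.

```python
"""Hostname-vs-certificate-subject check.

Added example illustrating the "basic check" discussed in the thread; it is
not code from the mailing list post.  The DN strings below are constructed
for illustration and the DN parser is deliberately minimal (real X.509
subjects should be read with a library such as `cryptography`).
"""

from typing import Dict, List, Tuple


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split 'CN=x, O=y, OU=z' into (attribute, value) pairs.

    Only backslash-escaped commas are handled; attribute names are
    upper-cased so 'cn' and 'CN' compare equal.
    """
    parts: List[str] = []
    buf = ""
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # escaped character, keep literally
            buf += dn[i + 1]
            i += 2
            continue
        if ch == ",":                            # unescaped comma ends an RDN
            parts.append(buf)
            buf = ""
        else:
            buf += ch
        i += 1
    parts.append(buf)

    pairs: List[Tuple[str, str]] = []
    for part in parts:
        part = part.strip()
        if not part:
            continue
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison: case-insensitive exact match, or a
    '*' that is the whole leftmost label and stands for exactly one label
    (so '*.example.com' matches 'www.example.com' but not 'a.b.example.com'
    and '*.com' is rejected outright)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_matches_host(subject_dn: str, hostname: str) -> bool:
    """What the browser actually checks (absent a SAN extension): does a CN
    in the subject match the host in the URL?  O and OU are never consulted."""
    cns = [v for a, v in parse_dn(subject_dn) if a == "CN"]
    return any(hostname_matches(cn, hostname) for cn in cns)


def org_fields(subject_dn: str) -> Dict[str, str]:
    """Collect the O and OU values the thread asks about; they are purely
    informational and are not used by cert_matches_host."""
    return {a: v for a, v in parse_dn(subject_dn) if a in ("O", "OU")}


if __name__ == "__main__":
    # Constructed subject: the CN is the look-alike host from the thread.
    phish_dn = "CN=pay.pal.com, O=Pay Pal Inc\\, Ltd, OU=Web"
    print("matches paypal.com?   ", cert_matches_host(phish_dn, "paypal.com"))    # False
    print("matches pay.pal.com?  ", cert_matches_host(phish_dn, "pay.pal.com"))   # True
    print("O/OU (not checked):   ", org_fields(phish_dn))
```

The takeaway is that a valid cert proves the site is the host named in the CN, nothing more; whether that host is the one the user meant to visit is the part Gerv's advice leaves to the user, and the O/OU values never enter the decision.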