Gervase Markham <[EMAIL PROTECTED]> writes:

>As some of you have noted, Opera 8 beta 3 now displays the contents of 
>the certificate's Organisation field in the UI, ostensibly as an 
>anti-phishing measure.

>GeoTrust has just released a paper outlining the problems with this 
>approach, and giving practical and real-world examples:
>http://geotrust.com/resources/advisory/sslorg/index.htm

Just to clarify this, by "organisation name" do they mean the X.500 O field,
the OU field, or the DN field?  O and OU are more or less a lost cause given
the CA practice of hardcoding them to fixed CA-specific values and/or using
them to stash things like legal disclaimers.  Having fifty different URL bars
all displaying the organisation as "NO LIABILITY ACCEPTED" (which Verisign
were using as an OU at one point) probably won't engender much consumer trust
in this measure.

Peter.

_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
