On 22/02/2018 23:27, James Burton wrote:
It doesn't take that long for a CAs to do vetting checks for OV and EV
certificates when everything is handed to them on a plate. Breaking CAs
vetting procedures is not too hard.
In principle, the vetting procedures is what customers pay for and
relying
It doesn't take that long for a CAs to do vetting checks for OV and EV
certificates when everything is handed to them on a plate. Breaking CAs
vetting procedures is not too hard.
The key here is that security research shouldn't cost the
researcher thousands to prove a valid point. They should be e
On 22/02/2018 22:17, James Burton wrote:
There needs to be a program that helps security researchers like myself get
free or low cost certificates for research purposes. That EV research I did
a while ago nearly set me back personally $4,297.
James
I think there are three main cases and an ad
I didn't put this in the article because it's not relevant as an attacker
wouldn't care nonetheless.
James
On Thu, Feb 22, 2018 at 9:29 PM, James Burton wrote:
> They tried charging the card the amount the day after the certificate was
> issued but the bank fraud department called me about the
They tried charging the card the amount the day after the certificate was
issued but the bank fraud department called me about the transaction and I
refused it because it was invalid as it was within the trial period and it
was clearly stipulated that I was only going to get charged after the 30
da
There needs to be a program that helps security researchers like myself get
free or low cost certificates for research purposes. That EV research I did
a while ago nearly set me back personally $4,297.
James
___
dev-security-policy mailing list
dev-secur
6 matches
Mail list logo