Re: Debian Weak Key Problem

2008-06-08 Thread Michael Ströder
Andrews, Rick wrote: That strikes me as a policy that one might describe as attacker friendly. I suggest: revoke first, contact later. When you revoke the certs, you're protecting your relying parties, and you can count on your relying parties to contact the subjects whose certs have been

Re: Entrust EV request

2008-06-08 Thread Frank Hecker
Nelson B Bolyard wrote: Bruce wrote, On 2008-06-06 14:46: snip Business ID is generally performed through third party database look- ups. Individual ID is accepted by fax. Is that good enough for Individual ID? Can you detect if an individual faxes a stolen ID? Before we go too far down

Re: Debian Weak Key Problem

2008-06-08 Thread Kyle Hamilton
On Sun, Jun 8, 2008 at 5:21 AM, Michael Ströder wrote: Andrews, Rick wrote: That strikes me as a policy that one might describe as attacker friendly. I suggest: revoke first, contact later. When you revoke the certs, you're protecting your relying parties, and you can

Re: Entrust EV request

2008-06-08 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: Nelson B Bolyard wrote: Is that good enough for Individual ID? Can you detect if an individual faxes a stolen ID? Before we go too far down this path... I believe that having people fax in identity documents (whether individual or corporate) is a fairly common and accepted

Re: Debian Weak Key Problem

2008-06-08 Thread Eddy Nigg (StartCom Ltd.)
Kyle Hamilton: How much does it cost the CA to mint a new certificate? Not much...guess that part is covered by the standing run time costs of the CA. How much liability does the CA assume in the case where a subject's certificate is used by someone other than the subject through no real

Re: Entrust EV request

2008-06-08 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: I agree that it would be a good thing if Entrust (or any CA, for that matter) used technical means (like sending email to postmaster or whatever) to verify domain name ownership for non-EV SSL certs, in addition to whatever other procedures are used. However based on what the

Re: Debian Weak Key Problem

2008-06-08 Thread Paul Hoffman
At 1:28 PM -0700 6/8/08, Kyle Hamilton wrote: How much does it cost the CA to mint a new certificate? How much liability does the CA assume in the case where a subject's certificate is used by someone other than the subject through no real fault of the subject's? Zero and zero. How much hassle

Certs bearing simple host names and public IP addresses OK?

2008-06-08 Thread Nelson B Bolyard
I recently encountered a web site with a certificate that chained through two intermediate CAs to one of Mozilla's trusted roots. This cert's Subject Alt Name (SAN) extension included: - 43 wildcard domain names (e.g. of the form *.something.tld) - 1 non-wildcard DNS name (of the form