In <[EMAIL PROTECTED]> "Stuart D. Gathman" <[EMAIL PROTECTED]> writes:
> In the case of cheap email certifications, the CA does *not* in fact > verify the person. They only verify that the email address given can > reply to a confirmation message. Of course, CAs can issue certificates > that verify the person, but these are more expensive. > (Except for http://www.cacert.org/ ) Don't ever let Vernon Shryver ever hear you say that CAs can verify a person if you don't want to be painfully scolded. CAs can't tell if a single spammer has registered many different certs under many different aliases. CAs have a very hard time telling if a single spammer is using many different real people as their aliases. There was a fun article/webpage about how a reporter got a cert claiming he was Bill Gates and how he fudged the email display name to send s/mime validated email that looked like it came from [EMAIL PROTECTED] All certificates do is tell you that someone was able to sucessfully have a cert paid for. Usually with a credit card. Not aways with their own credit card. Certs have no more value for basing a reputation on than domain names. -wayne ------- To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/[EMAIL PROTECTED]
