BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Email certificates
- Subject: Email certificates
- From: bogstad-e+AXbWqSrlAAvxtiuMwx3w at public.gmane.org (Bill Bogstad)
- Date: Sun, 4 Apr 2010 16:31:07 -0400
- In-reply-to: <4BB8E55B.8020206-5a1Jt6qxUNc@public.gmane.org>
- References: <4BB8E55B.8020206@vl.com>
On Sun, Apr 4, 2010 at 3:15 PM, Tom Metro <tmetro-blu-5a1Jt6qxUNc at public.gmane.org> wrote: > I'm ?currently going through the process of purchasing email > certificates for a few of my domains, and I'm a bit concerned that the > vendor I'm currently using is not doing much to validate the information > I'm supplying. They seem to be relying solely on documents I have > supplied to them, which I could easily have forged. There is no sign > that they've verified them independently. (They did use D&B to validate > information for a certificate in a business name, but that just proves > that the address I supplied on my application form matches the real > address of the business.) > > If you've gone through this process, were you satisfied with the level > of checks performed by the vendor, and if so, who did you use? I just saw an article about potential social engineering issues and client certificates... http://www.betanews.com/article/Security-researcher-Trivially-easy-to-buy-SSL-certificate-for-domain-you-dont-own/1270072287 Not sure if its relevant to your exact situation, but it still warrants a read. Bill Bogstad
- References:
- Email certificates
- From: tmetro-blu-5a1Jt6qxUNc at public.gmane.org (Tom Metro)
- Email certificates
- Prev by Date: Hardware Virtualization issue
- Next by Date: internet connection
- Previous by thread: Email certificates
- Next by thread: Email certificates
- Index(es):
