Don't have time for a long response, but I do have one comment below.

Eddy Nigg (StartCom Ltd.) wrote:
> One can purchase a popular or less popular domain name, request a
> certificate for N years, let the domain name expire after one year, wait
> to have it picked up by somebody else. Now, this site can be spoofed at
> will and a MITM is possible (the very same thing Mozilla tries to
> prevent in the first place).

OK, I better understand what your concern is now. But note that this scenario would not actually require the attacker to wait for a year. They could simply use "domain tasting" to register a domain name, get a cert for it, then hand back the domain after 5 days (or whatever it is) for a refund. So to the extent that this is a threat, it's really a threat against DV certificates in general, even those with one year expirations.

Frank

--
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto