Heikki Toivonen: > > That is not good enough. As long as it is possible to spoof DNS, it is > possible to get DV certificate for any domain. >
Even though I'm in favor of not mixing EV and other content, I think this argument is moot. Chances that such an attack on a CA is successful is most likely less than having you encounter such an attack yourself. And you don't have to....apparently there are CAs where it's sufficient to flip a flag to get any domain into a certificate... But lets make sure we aren't mixing apples with eggs... -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
