Eddy Nigg wrote: > I wouldn't state it this way, otherwise we urgently need to modify the > Mozilla CA policy! An attacker shouldn't be successful in such an > attempt and CAs should have controls in place to detect such attempts.
If that's true, then what controls to Startcom (to take an example) already have in place to detect this sort of thing? http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html How would you know if I was using such a flaw to intercept the email traffic between Startcom and a site, in order to get a cert for that site? Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
