Florian, I think you refer to a cert issued to spammers holding a domain, and getting a DV cert for that domain that they registered? The cert is issued correctly for the domain, just the organization does not do clean business. This is a totally different issue.

I am talking about a phisher being able to get a cert for www.bankofamerica.com or (worse) addons.mozilla.org.

Ben

On 30.12.2008 21:47, Florian Weimer wrote:
> > Now, 3 years later, some scammers and spammers actually notice me and
> > set up fake SSL sites with my certs.
>
> Not just fake sites.  Some of the OEM software spammers use valid SSL
> certificates for the checkout procedure, e.g.:
>
>    <https://secure.securesoftmarket.com/>
>
>
> I doubt that this will happen
> with certificates because it's hard to see why issuing a certificate
> creates liability, while delegating a domain does not.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
