* Ben Bucksch:

> Florian, I think you refer to cert issued to spammers holding a
> domain, and getting a DV cert for that domain that they registered?
> The cert is issued correctly for the domain, just the organization
> does not do clean business. This is a totally different issue.

Oops, sorry, then I misunderstood you. However, if it's okay to do bad things with a certificate (from the browser PKI point of view) if you also own the corresponding domain name, we still have a problem thanks to the way the padlock icon has been advertised.

> I am talking about a phisher being able to get a cert for
> www.bankofamerica.com or (worse) addons.mozilla.org.

Mozilla should probably hard-code the certificate for addons.mozilla.org.