On 02/24/2009 01:23 AM, Gervase Markham:
All the registries added to the list had this when they were added. As I said in my previous message, if you know of a registry which no longer meets these criteria, please let me know.
How to prove? Does Mozilla buy domain names (or purchase certificates) from time to time in order to govern its policies?
CAs are irrelevant to spoofing issues. If www.something.com is a homograph for www.someth1ng.com, that's a bad thing irrespective of whether the owners of each of the two domains can get a certificate for them.
Only CAs are relevant if at all. You don't expect that 200 domain names were registered by going through anti-spoofing checking and measures, do you?!
Concerning the example above, a certificate for the later would represent a problem at least for some CAs, it might be nevertheless issued if there is evidence that no basis for concern exists (due to out-of-bound identity validation for example).
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
