Eddy: It's important to realize something rather important... security must be designed into the system from the ground up, and all pieces of a secure system must operate together properly. It's not *just* the CA, it's everything.
Since we don't have a secure system, we need to find a way to make things as secure as possible given the lack of cooperation from the registrars/ICANN/browser vendors/CAs/users. -Kyle H On Mon, Feb 23, 2009 at 3:54 PM, Eddy Nigg <eddy_n...@startcom.org> wrote: > On 02/24/2009 01:23 AM, Gervase Markham: >> >> All the registries added to the list had this when they were added. As I >> said in my previous message, if you know of a registry which no longer >> meets these criteria, please let me know. > > How to prove? Does Mozilla buy domain names (or purchase certificates) from > time to time in order to govern its policies? > >> CAs are irrelevant to spoofing issues. If www.something.com is a >> homograph for www.someth1ng.com, that's a bad thing irrespective of >> whether the owners of each of the two domains can get a certificate for >> them. > > Only CAs are relevant if at all. You don't expect that 200 domain names were > registered by going through anti-spoofing checking and measures, do you?! > > Concerning the example above, a certificate for the later would represent a > problem at least for some CAs, it might be nevertheless issued if there is > evidence that no basis for concern exists (due to out-of-bound identity > validation for example). > > > -- > Regards > > Signer: Eddy Nigg, StartCom Ltd. > Jabber: start...@startcom.org > Blog: https://blog.startcom.org > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
