for the information. Verisign OnSite service is allowing sub-CA for corporate. the corporate operator is able to request issueing SSL certificate for there server from VERISIGN ROOT CA. and verisign root ca automatically issues the certificate by the request of company.
I think this is one of the evidences regards. mountie. 2010/4/2 Michael Ströder <mich...@stroeder.com> > Eddy Nigg wrote: > > On 04/01/2010 02:40 PM, Michael Ströder: > >> You could also spend ~5000 EUR and have your own corporate sub-CA > issuing > >> certs for whatever DNS name you want. > > > > Which doesn't imply that no domain control validation is performed. > > Off course everything is covered by contracts. But there isn't any domain > control validation in the particular case I know of. > > An organization I know has such a sub-CA cert signed by a pre-installed > trusted root CA. Domain control validation is practically impossible for > the > superior CA since this organization has tens of thousands domains > registered. > I know that this organization does not do anything bad so I won't mention > the > root CA here. > > But personally I take this as evidence that if you spent this fairly low > amount of money you could issue arbitrary certs without the superior CA > noticing it. IMO this could not even be discovered by audits if someone > would > want to hide bad activity. > > Ciao, Michael. > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- Mountie Lee Tel : +82 2 2140 2700 E-Mail : moun...@paygate.net Twitter : mountielee ======================================= PayGate Inc. * WEB STANDARD PAYMENT * PCI DSS 100% COMPLIANT * www.paygate.net * payg...@paygate.net
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
