Why not just use the secure domain transfer identifier? Only the real holder
of the domain has that.
-Kyle H
On Mon, Feb 6, 2012 at 12:21 PM, Kai Engert wrote:
On 21.10.2011 15:09, Kai Engert wrote:
This is an idea how we could improve today's world of PKI, OCSP, CA's.
https://kuix.de/me
On 07.02.2012 17:54, Ondrej Mikle wrote:
The phone calls would ensure that each registered person will be aware
of the certificate issuance.
This is getting very close to EV validation (Sovereign Keys have the
same issue).
I'd say making phone calls is less effort than checking business
docu
My previous message was a proposed solution to the problem "attacker is
close to the server and uses it to obtain a new fraudulent cert", and I
proposed to use an organizational approach to prevent that attack.
In addition, another potential attack is, the attacker has obtained a
certificate f
Hi,
Kai Engert wrote:
> If the attacker is able to hack the router that is close to the
> webserver (e.g. hack the ISP that hosts the webserver), then the
> attacker might be able to simply apply for a certificate from a CA and
> intercept the (plaintext) approval emails the CA sends to the domain