Full Disclosure mailing list archives

Re: HTTP AUTH BASIC monowall


From: Valdis.Kletnieks () vt edu
Date: Thu, 16 Mar 2006 15:22:14 -0500

On Thu, 16 Mar 2006 15:10:50 EST, Brian Eaton said:

> My read of that statement is that Geotrust sees nothing wrong with
> their verification process and is not going to take any action to
> prevent this from happening again.
>
> The incentives for the CAs are in all the wrong places.  They suffer
> no financial harm when they certify a false identity.  Instead, they
> make a quick buck.

It's more subtle than that.

Geotrust didn't do *anything* wrong.  They issued a cert for www.mountain-america.net
to the rightful owners of www.mountain-america.net.  There's no reason to raise
a flag here, as nothing nefarious has happened.  They're not up for a financial hit
for certifying a false identity, because they certified the real identity
correctly, as per their procedures.

There's little to nothing that Geotrust can do about the fact that after they
properly certified mountain-america.net, it turned around and pretended to be
mntamerica.net.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
