Full Disclosure mailing list archives
Re: HTTP AUTH BASIC monowall
From: Valdis.Kletnieks () vt edu
Date: Thu, 16 Mar 2006 15:22:14 -0500
On Thu, 16 Mar 2006 15:10:50 EST, Brian Eaton said:
My read of that statement is that Geotrust sees nothing wrong with their verification process and is not going to take any action to prevent this from happening again. The incentives for the CAs are in all the wrong places. They suffer no financial harm when they certify a false identity. Instead, they make a quick buck.
It's more subtle than that. Geotrust didn't do *anything* wrong. They issued a cert for www.mountain-america.net to the rightful owners of www.mountain-america.net. There's no reason to raise a flag here, as nothing nefarious has happened. They're not up for a financial hit for certifying a false identity, because they certified the real identity correctly, as per their procedures. There's little to nothing that Geotrust can do about the fact that after they properly certified mountain-america.net, it turned around and pretended to be mntamerica.net.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/