[Cscwg-public] Face-to-face validation
Dean Coclin
dean.coclin at digicert.com
Fri Apr 26 10:19:55 MST 2019
It's an additional check that would add "friction" to the process, which
cybercriminals try to avoid. The case we talked about on the call would
involve a live video (via Skype or similar) to validate identity and
affiliation.
Dean
-----Original Message-----
From: Cscwg-management <cscwg-management-bounces at cabforum.org> On Behalf Of
Kuley, Oliver
Sent: Friday, April 26, 2019 6:12 AM
To: cscwg-management at cabforum.org
Subject: [Cscwg-management] Face-to-face validation
I'm not sure how this would work. You can't check someone's affiliation with
a certain company that way. And there have been a number of press reports
(in Germany) recently of people, who have been duped into video ID'ing
themselves for someone else. They thought they were hired as quality
assurance testers and told to test video identifications. But under no
circumstances were they to give the game away until the ID process was
completed. The attacker could buy additional time by making the tester fill
out a questionnaire afterwards.
-Oliver
_______________________________________________
Cscwg-management mailing list
Cscwg-management at cabforum.org
http://cabforum.org/mailman/listinfo/cscwg-management
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/cscwg-public/attachments/20190426/b5e91aee/attachment.p7s>
More information about the Cscwg-public
mailing list