[cabfpub] Ballot 92 reviewed

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Mon Oct 29 08:45:11 MST 2012


On 10/29/2012 03:33 PM, From Gervase Markham:
> This is begging the question of whether you need to know the 'owner' 
> in this sense in the first place. Or, to put it another way: why is 
> this argument not an argument against all DV certs?

It could be one - except that the risk is clearly lower (one domain and 
its subs, versus a bunch of unrelated host names nobody knows how they 
even should be related to each other) if handled correctly.

Current UIs clearly show the domain name (common name?) prominently. 
If I weren't working in the PKI business, I probably wouldn't have a 
clue how to relate to www.playpal.com when seeing mozilla.org in the UI.

DVs are incredibly useful for low-risk sites such as blogs, forums, 
webmin, private mail/webmail, remote access etc. They usually need 
neither wild cards nor multiple different domain names. That's where DV 
comes in nicely as a quick-and-dirty solution. I believe it's neither 
useful for e-commerce nor for any other higher risk application - wild 
cards due to their nature of being valid for any sub domain (including 
/paypal/.src.com) and multiple different domains included.


Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

