[cabfpub] Phone verification issues

Rich Smith richard.smith at comodo.com
Fri Jun 28 06:01:55 MST 2013


 

 

From: kirk_hall at trendmicro.com [mailto:kirk_hall at trendmicro.com] 
Sent: Thursday, June 27, 2013 4:36 PM



<snip>

 

One of the main reasons why the EVGL required telephone confirmation was to increase “findability” of the customer in the event of problems or fraud – we wanted to avoid dealing with an EV customer with a shell corporation and a throw away mobile phone.  

</snip>

 

IMO that is one of the problems with the CA/B Forum's work product to date.  We have tried to expand the CAs job and expand SSL beyond what it is designed to do.  The job of CAs and SSL as I see it is to verify identity and domain ownership/control.  I think the above purpose stated by Kirk moves into trying to verify trustworthiness and intent.  I'm not saying there isn't a need for providing a measure of web site owner trustworthiness, I just don't think that the CA/SSL model is the right tool to do the job.  We should stick with what the tool is designed for, site and identity verification.

 

Rich

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20130628/bdf4229a/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6391 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20130628/bdf4229a/attachment.bin 


More information about the Public mailing list