[cabfpub] Phone verification issues

Rich Smith richard.smith at comodo.com
Fri Jun 28 13:01:55 UTC 2013



From: kirk_hall at trendmicro.com [mailto:kirk_hall at trendmicro.com] 
Sent: Thursday, June 27, 2013 4:36 PM



One of the main reasons why the EVGL required telephone confirmation was to increase “findability” of the customer in the event of problems or fraud – we wanted to avoid dealing with an EV customer with a shell corporation and a throw away mobile phone.  



IMO that is one of the problems with the CA/B Forum's work product to date.  We have tried to expand the CAs job and expand SSL beyond what it is designed to do.  The job of CAs and SSL as I see it is to verify identity and domain ownership/control.  I think the above purpose stated by Kirk moves into trying to verify trustworthiness and intent.  I'm not saying there isn't a need for providing a measure of web site owner trustworthiness, I just don't think that the CA/SSL model is the right tool to do the job.  We should stick with what the tool is designed for, site and identity verification.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130628/bdf4229a/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6391 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130628/bdf4229a/attachment-0003.bin>

More information about the Public mailing list