[cabfpub] Domain validation

Anoosh Saboori ansaboor at microsoft.com
Thu Apr 16 16:30:02 UTC 2015


If site owner cares enough, he can protect against his certificates being stolen by the attacker you outlined, but he will not be able to protect against CAs following our guidelines issuing certificate for that attacker. 

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org] 
Sent: Thursday, April 16, 2015 9:28 AM
To: Anoosh Saboori; Eddy Nigg; public at cabforum.org
Subject: Re: [cabfpub] Domain validation

On 16/04/15 17:27, Anoosh Saboori wrote:
> Not if the SSL certificate is bound to hardware (like TPM).

How common is that?

Gerv


More information about the Public mailing list