[136021] in cryptography@c2.net mail archive
Re: EV certs: Doing more of what we already know doesn't work
daemon@ATHENA.MIT.EDU (Stefan Kelm)
Fri Oct 24 08:26:26 2008
Date: Wed, 01 Oct 2008 15:45:28 +0200
From: Stefan Kelm <stefan.kelm@secorvo.de>
Reply-To: stefan.kelm@secorvo.de
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: cryptography@metzdowd.com
In-Reply-To: <E1Ki0sp-0000sI-FV@wintermute01.cs.auckland.ac.nz>
Cool! ;-)
Verisign's CPS has been an inspiration for me for quite
a few years now. E.g., this statement has been in there
for a number of years:
The Certificate, however, provides no proof of the identity
of the Subscriber.
Taken from page 12 of the current version, obviously (?)
referring to so-called "Class 3 certificates".
Cheers,
Stefan.
---------------------------------------------------------
Stefan Kelm
Security Consulting
Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
stefan.kelm@secorvo.de, http://www.secorvo.de/
PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B
Mannheim HRB 108319, Geschaeftsfuehrer: Dirk Fox
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
