[144433] in North American Network Operators' Group
Re: Why are we still using the CA model? (Re: Microsoft deems all
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Sun Sep 11 23:28:50 2011
In-Reply-To: <221E581B-206F-4BFF-92FF-EB0761C42CA3@GREnergy.com>
Date: Sun, 11 Sep 2011 23:28:03 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: "Hughes, Scott GRE-MG" <SHughes@grenergy.com>
Cc: NANOG mailing list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sun, Sep 11, 2011 at 11:06 PM, Hughes, Scott GRE-MG
<SHughes@grenergy.com> wrote:
> Companies that wrap their services with generic domain names (paymybills.=
com and the like) have no one to blame but themselves when they are targete=
d by scammers and phishing schemes. Even EV certificates don't help when co=
nsumers are blinded by subsidiary companies and sister companies daily (Mot=
orola Mobility a.k.a. Google vs. Motorola Solutions.)
So, part of my point here about ev/dv/etc certs is that in almost all
cases of consumer fraud and protection, HTTPS is never used. Hell,
half the spams I get are
http://IP_ADDRESS/somethign/something/something.php ... Falling back
on the 'well ev certs are there to provide protection to the consumer'
is just FUD (I think).
again, not seeing a benefit here...
-chris
