[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200502162156.j1GLuet00568@panix5.panix.com>
Date: Wed, 16 Feb 2005 16:56:40 -0500 (EST)
From: Seth Breidbart <sethb@...ix.com>
To: bugtraq@...urityfocus.com
Subject: Re: International Domain Name [IDN] support in modern browsers allows
attackers to spoof domain name URLs + SSL certs.
[BBB vs. CA]
Gwendolynn ferch Elydyr <gwen@...tiles.org> wrote:
> Actually I don't take your meaning. I'd appreciate it if you could
> spell out why you think that one organization paid to provide trust
> is different from another organization paid to provide trust.
Some are more competent than others.
In this case, neither is worth anything.
The CA says at most "They verified ownership of a domain at a very low
standard of proof." The BBB says "They pay us and they responded to
all complaints and said they did the right thing."
Neither of them is on the hook for having bad customers, nor will
either be likely to say bad things about its customers (which are
those who pay it).
Seth
Powered by blists - more mailing lists