Public Key Infrastructure: An Artifact...

Lynn.Wheeler at firstdata.com
Sun Nov 19 05:31:03 PST 2000




actually ... not really ... this was discussed early this summer as to what they
actually check ... and how trivial it is to fabricate necessary details to pass
such checking

random ref:

http://www.garlic.com/~lynn/aadsmore.htm#client3

in general it is sufficient to have registered any DBA name & have a d&b entry
plus some misc. other stuff ... all relatively easy to establish. Since the DBA
name & d&b entry aren't cross-checked as part of the SSL certificate validation
... just the domain name in the certificate against the domain name used ... you
could be really surprised at what comes up for DBA names.

I've had credit card statements that listed the DBA names which had absolutely
no relationship to the name of the store I had been to ... which I eventually
had to call both the credit card company/bank and the store to figure out what
was going on.





Ben Laurie <ben at algroup.co.uk> on 11/19/2000 04:08:39 AM


