- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Tue, 31 Jul 2007 08:56:53 -0400
- To: Serge Egelman <egelman@cs.cmu.edu>
- Cc: public-wsc-wg@w3.org
On 30-Jul-07, at 6:46 PM, Serge Egelman wrote: > We went over this. The $20 GoDaddy example I cited before. I > registered a domain and purchased a certificate using PayPal, and > it's all under Stephen's name. Nothing is linked back to me, there > is zero accountability (BTW: Johnathan said that he'd pull the root > if this were the case, though I doubt that's happened). Are you saying that GoDaddy issued you a cert for a domain you don't control? If so, absolutely you should let us know, it's a violation of their audit regime and would be a very good reason to pull their cert. Or are you saying that they issued a DV cert for a domain you do in fact control, but that they didn't audit the other information, which they never claimed to do anyhow? In which case I admit that I fail to see the relevance, but I certainly wouldn't pull their root for it, since we never expected them to vet that. If we did, if we had ever really demanded that, we wouldn't have needed EV. Cheers, J --- Johnathan Nightingale Human Shield johnath@mozilla.com
Received on Tuesday, 31 July 2007 13:06:16 UTC