- From: Serge Egelman <egelman@cs.cmu.edu>
- Date: Tue, 31 Jul 2007 18:05:19 -0400
- To: Johnathan Nightingale <johnath@mozilla.com>
- CC: public-wsc-wg@w3.org

That's not what I said. You previously said that if there's no accountability, you'd pull the root. So, Stephen's argument is that there's accountability because everything on the Internet is traceable, and anyone committing a crime such as stealing a PayPal or credit card will be caught and the CA will be notified within 24 hours of issuance. However this is demonstrably false.

serge

Johnathan Nightingale wrote:
>
> On 30-Jul-07, at 6:46 PM, Serge Egelman wrote:
>
>> We went over this. The $20 GoDaddy example I cited before. I
>> registered a domain and purchased a certificate using PayPal, and it's
>> all under Stephen's name. Nothing is linked back to me, there is zero
>> accountability (BTW: Johnathan said that he'd pull the root if this
>> were the case, though I doubt that's happened).
>
> Are you saying that GoDaddy issued you a cert for a domain you don't
> control? If so, absolutely you should let us know, it's a violation of
> their audit regime and would be a very good reason to pull their cert.
>
> Or are you saying that they issued a DV cert for a domain you do in fact
> control, but that they didn't audit the other information, which they
> never claimed to do anyhow? In which case I admit that I fail to see
> the relevance, but I certainly wouldn't pull their root for it, since we
> never expected them to vet that. If we did, if we had ever really
> demanded that, we wouldn't have needed EV.
>
> Cheers,
>
> J
> ---
> Johnathan Nightingale
> Human Shield
> johnath@mozilla.com
>

--
/*
Serge Egelman

PhD Candidate
Vice President for External Affairs, Graduate Student Assembly
Carnegie Mellon University

Legislative Concerns Chair
National Association of Graduate-Professional Students
*/

Received on Tuesday, 31 July 2007 22:05:46 UTC