Eddy Nigg wrote:
> On 04/01/2010 02:40 PM, Michael Ströder:
>> You could also spend ~5000 EUR and have your own corporate sub-CA issuing
>> certs for whatever DNS name you want.
> Which doesn't imply that no domain control validation is performed.
Off course everything is covered by contracts. But there isn't any domain
control validation in the particular case I know of.
An organization I know has such a sub-CA cert signed by a pre-installed
trusted root CA. Domain control validation is practically impossible for the
superior CA since this organization has tens of thousands domains registered.
I know that this organization does not do anything bad so I won't mention the
root CA here.
But personally I take this as evidence that if you spent this fairly low
amount of money you could issue arbitrary certs without the superior CA
noticing it. IMO this could not even be discovered by audits if someone would
want to hide bad activity.
http://patrol.psyced.org/ wrote:Comodo, GeoTrust, GlobalSign, QuoVadis, RSA WebTrust and StartCom are known to offer intermediate CA for money. Still StartCom is extremely popular with small and private web sites for its free services.
al_9x suggests we should combine CertPatrol with Perspectives in a single add-on, but they already do great team work side by side, no?
They have a multi-protocol (PSYC/IRC/Jabber/…) chat: http://www.psyced.org, major developers seem to be there pretty often and are all very friendly.al_9x wrote:Since they don't appear to have a forum
Users browsing this forum: No registered users and 3 guests