relying party agreement
You cannot use wildcard characters. By clicking SEARCH, you accept the terms of our Relying Party Agreement.
Clicking on the above generates a 404 error. So there's no agreement to agree to...???
VeriSign SSL certs open to tampering, competitor warns
VeriSign and one of its partners have come under fire for publicly exposing webpages used to process customer security certificates, a practice a competitor claims puts some of the biggest names on the web at risk of serious targeted attacks. According to Melih Abdulhayoglu, CEO of internet security firm Comodo, publicly …
-
Friday 25th June 2010 08:40 GMT Anonymous Coward
Let me get this straight...
So they're saying that the information disclosed is sensitive, but most of it is included in the final certificate anyway and is thus public accessible through the secured web site anyway.
They're also saying that if you've put your password (sorry, 'challenge response') online somewhere, then people can pretend to be you to make changes.
Let me guess, next they'll tell us that the pope shits in the woods, or that bears are catholic?
-
Friday 25th June 2010 09:17 GMT Ken Hagan
You're being too paranoid
"But it seems a fair point that they needlessly expose information that would better be kept private."
Like what? You can bet that the number of people who know these email addresses within the various organisations is already fairly large, and that there are other ways of finding the information. Verisign's attitude merely emphasises that this is not security-critical information. In fact, it's rather reassuring to see that they don't believe in security by obscurity.
This topic is closed for new posts.
Biting the hand that feeds IT
