ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] A method to eliminate spam

2003-03-18 01:21:45
from [Valdis . Kletnieks] [Permanent Link] 
On Tue, 18 Mar 2003 01:46:53 EST, Kee Hinckley said:

At 11:18 PM -0500 3/17/03, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:

And how much do said certs prove?  What verification does QuickCert do to
make sure that they're issuing a cert to an actually identified user?


Basically they seem to do a credit check and make sure that the whois 
and contact information matches the organization information.  I 
assume Phillip could address that more completely.


How proof is the system against identity theft?  There's 50M .coms, a
large portion of them are probably vanity domains - JoeRandom.com,
the Whois probably gives enough info to start, if you can score an SSN
to match, you could probably get a cert.  Might even be able to
do it without the SSN.

I admit ignorance of this stuff - does the $100-and-under segment at
least involve a phone callback or snail-mail exchange (both of which go
a long way to nailing down physical location and all that).  If I have to
answer the phone at the number listed in the 'whois' for the domain,
that raises the stakes a lot, because there's a lot more paper trail
then (telcos and real estate rental offices both dislike people who
skip out.. ;)

Attachment: pgpCJEsQpGQDe.pgp
Description: PGP signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Per domain blacklists, Valdis . Kletnieks
Next by Date:  Re: [Asrg] A method to eliminate spam, Ronald F. Guilmette
Previous by Thread:  Re: [Asrg] A method to eliminate spam, Kee Hinckley
Next by Thread:  RE: [Asrg] A method to eliminate spam, John Rumpelein
Indexes:  [Date] [Thread] [Top] [All Lists]