On Tue, 18 Mar 2003 01:46:53 EST, Kee Hinckley said:
At 11:18 PM -0500 3/17/03, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
And how much do said certs prove? What verification does QuickCert do to
make sure that they're issuing a cert to an actually identified user?
Basically they seem to do a credit check and make sure that the whois
and contact information matches the organization information. I
assume Phillip could address that more completely.
How proof is the system against identity theft? There's 50M .coms, a
large portion of them are probably vanity domains - JoeRandom.com,
the Whois probably gives enough info to start, if you can score an SSN
to match, you could probably get a cert. Might even be able to
do it without the SSN.
I admit ignorance of this stuff - does the $100-and-under segment at
least involve a phone callback or snail-mail exchange (both of which go
a long way to nailing down physical location and all that). If I have to
answer the phone at the number listed in the 'whois' for the domain,
that raises the stakes a lot, because there's a lot more paper trail
then (telcos and real estate rental offices both dislike people who
skip out.. ;)
pgpCJEsQpGQDe.pgp
Description: PGP signature