ietf-asrg

Re: [Asrg] S/MIME

2004-03-21 15:52:29
Doug Royer <Doug(_at_)Royer(_dot_)com> wrote:
> Now that I have -  so what?

  I was pointing out that you have no way of knowing *which* address
is the "real" one.  The fact that all of them are signed and certified
is irrelevant.  When you get email from "user(_at_)example(_dot_)com",
and "user(_at_)example-canada(_dot_)com", and "user(_at_)example(_dot_)ca",
you still don't know which one is real.  The others could very well be
fraudulent.

> And which trusted CA are you talking about would issue a
> user(_at_)example(_dot_)com address to an example-canada.com email address?

  I've never said that.  Stop trying to misinterpret me.

> I own royer.com, it does not mean that I own all businesses named 'royer'.
> So again so what?

  You're missing my point, that's what.  How does *anyone* associate
the "royer" business they know in meat-space with a "royer" they see
on the net?  Heck, I can register "the-real-royer.com", steal your
content, get certs signed for it, and announce that "royer.com" is
fraudulent.  How much time and money will you lose?  And you won't be
able to catch me.  The best you can hope for is to convince a
registrar to nuke the name.

>> It's easy to get a domain and/or certificate with fraudulent identities.
>
> I'll reimburse you if you can get a fraudulent cert for 'royer.com' from
> a CA that I trust.

  See, I say "fraudulent identities", and you say "fraudulent cert".
Do you understand that you're not talking about the same thing I'm
talking about?

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


