ietf-asrg
[Top] [All Lists]

Re: [Asrg] S/MIME

2004-03-30 16:17:14
From: "Doug Royer" <Doug(_at_)Royer(_dot_)com>
No the identity matches the cert. Your talking about content fraud not
identity fraud.

Consider the following two scenarios.
1. A person lies to the CA about their identity, yet the CA issues them a
certificate.
E.g. http://www.microsoft.com/technet/security/bulletin/MS01-017.mspx

2. An email worm installs spyware which steals certificates off of PCs and
installs keystroke logging software to steal the password.  A spammer uses the
thousands of certificates to send email.

If either of these result in somebody sending mail claiming to be
"Doug(_at_)Royer(_dot_)com", is this identity fraud or content fraud?



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>