From: "Doug Royer" <Doug(_at_)Royer(_dot_)com>
No the identity matches the cert. Your talking about content fraud not
identity fraud.
Consider the following two scenarios.
1. A person lies to the CA about their identity, yet the CA issues them a
certificate.
E.g. http://www.microsoft.com/technet/security/bulletin/MS01-017.mspx
2. An email worm installs spyware which steals certificates off of PCs and
installs keystroke logging software to steal the password. A spammer uses the
thousands of certificates to send email.
If either of these result in somebody sending mail claiming to be
"Doug(_at_)Royer(_dot_)com", is this identity fraud or content fraud?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg