Fraudulent certificates in the wild — again
Posted Jan 17, 2013 18:02 UTC (Thu) by giraffedata
In reply to: Fraudulent certificates in the wild — again
Parent article: Fraudulent certificates in the wild — again
As I understand it, it isn't an issue of to whom a certificate is issued, but for whom. So even the hypothesized fraud of "pretending they are an individual" would not work. The certificate the business would get by doing that would be a certificate proving the identity of some person (where a person's identity apparently consists of his email address). So no browser would accept that as proof that the web server on the other end of some socket is lwn.net. Or that it is operated by the organization commonly known as LWN.
to post comments)