Fraudulent certificates in the wild — again
Posted Jan 21, 2013 1:48 UTC (Mon) by giraffedata
In reply to: Fraudulent certificates in the wild — again
Parent article: Fraudulent certificates in the wild — again
you are mixing up fields filled in, and information validated
No, I'm not. I suspect you read something into what I wrote that I didn't intend, for you to think that. (A weird brain slip may have contributed - I wrote "I couldn't tell from Startssl's certificate" where I meant to say, "from Startssl's web site").
I meant to explore what is the difference between Startssl's free and $60 product. The customer isn't going pay more to have himself scrutinized harder and get the same certificate in the end. The difference therefore must consist, ultimately, in what fields are filled in.
Whether the information in those fields is true, or the certificate authority expended effort to be sure it's true, is a whole different conversation.
to post comments)