Re: [Full-disclosure] HTTP AUTH BASIC monowall



On Thu, 16 Mar 2006 16:48:40 EST, Brian Eaton said:

I started digging around on Geotrust's web site looking for their
policy on issuing certificates and stumbled across a FAQ on
high-assurance SSL certificates. This sounds like a step in the right
direction.

Yes, that's a partial solution, for those clued enough to understand it...

http://www.geotrust.com/products/ssl_certificates/hassl_faq.asp

Several of the CA's do similar things. And they're usually nice enough to
use separate root certs for the various classes - so if you feel so inclined,
keep their 'We sign high-assurance certs" CA listed, and heave the "the verification
e-mail didn't bounce" CA over the side. ;)

Attachment: pgpA7b15LSLCP.pgp
Description: PGP signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/