[cap-talk] Verisign signs cert with CN="CLICK YES TO CONTINUE"
david.nospam.hopwood at blueyonder.co.uk
Tue Feb 15 00:50:02 EST 2005
For once the discussion on Slashdot, at
is not entirely noise. The most interesting post is this one:
# This is what Verisign answered when I asked them the same question last
# year (and then refused the stupid automated reply):
In response to your email, when this company submitted their request for
a digital certificate, we followed our standard authenticiation &
verification policies to make sure of the following:
1. That the company, Click Yes To Continue, is indeed a legitimate
company and has the right to conduct business under this company
name, which was confirmed using an online, 3rd party web site for
validating companies located in Canada.
2. Received a valid phone bill from the company, in which we used to
call the company back & confirm the order.
Please note that when a company obtaina code signing certificate, we
DO NOT validate their code, as the customer has to agree to our
certificate policies before even submitting their requets online.
Therefore, we did not issue a certificate to a 'fake company'. However,
we will forward your email to our internal security department and
Verisign Lawyers to see if this company is indeed distributing
fraudulent code using a certificate obtained through Verisign.
# Obviously, nothing happened afterwards.
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
More information about the cap-talk