[cap-talk] Verisign signs cert with CN="CLICK YES TO CONTINUE"

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Tue Feb 15 00:50:02 EST 2005


For once the discussion on Slashdot, at
is not entirely noise. The most interesting post is this one:

# This is what Verisign answered when I asked them the same question last
# year (and then refused the stupid automated reply):

     In response to your email, when this company submitted their request for
     a digital certificate, we followed our standard authenticiation &
     verification policies to make sure of the following:

     1. That the company, Click Yes To Continue, is indeed a legitimate
        company and has the right to conduct business under this company
        name, which was confirmed using an online, 3rd party web site for
        validating companies located in Canada.
     2. Received a valid phone bill from the company, in which we used to
        call the company back & confirm the order.

     Please note that when a company obtaina code signing certificate, we
     DO NOT validate their code, as the customer has to agree to our
     certificate policies before even submitting their requets online.

     Therefore, we did not issue a certificate to a 'fake company'. However,
     we will forward your email to our internal security department and
     Verisign Lawyers to see if this company is indeed distributing
     fraudulent code using a certificate obtained through Verisign.

# Obviously, nothing happened afterwards.

David Hopwood <david.nospam.hopwood at blueyonder.co.uk>

More information about the cap-talk mailing list