Re: [tlug] System security and public policy [was: Anyone seenthis gizmo yet?]

["Nikolay Elenkov" <nick@example.com>]

2009年 9月 9日（水）11:10 am に Edward Middleton さんは書きました：
> Curt Sampson wrote:
>> Edward Middleton wrote:
>>
>>> With only a domain name check it doesn't tell you who the holders of
>>> the domain are.  Without that information it is pretty difficult to
>>> assess the trustworthiness of the site.
>>>
>>
>> It's easy to look up the holders of the domain in the whois database.
>>
>
> Which tells you nothing?  A/someones credit card is all you need to
> register a domain name.
>

There are also:

OV (Organization Validation) certificates. The issuing authority
checks that the organization/individual owning the domain actually
exists and is who they claim to be. That is done by requesting
a government-issued ID and/or placing a call to the publically
listed phone number for the company. However, it looks no different
in your browser than a 'normal' DV (domain validation) certificate,
so not that useful IMHO.

EV (Extended Validation) certificates. The issuing authority
requires company registration papers, address registrations,
tax papers, etc. The procedure is quite involved (and expensive),
but you get a big green bar in the browser with the company's name ([1].
You could then be reasonably sure that the owner of the site
is who they say they are and can look them up using the
actual company name.

If average users actually notice the difference is another matter
though...

[1] Go to http://direct.smbc.co.jp/aib/ and click ログイン