Web of trust

Ryan Malayter rmalayter@bai.org
Thu Jun 6 00:40:01 2002


From: Peter T. Abplanalp [mailto:pta@psaconsultants.com]=20
>...i can generate an ssl key sign request=20
>cert, put it in on their web site and bingo,=20
>i get my cert signed.  what kind of check
>did verisign perform?  who knows and that is=20
>the point.  and yet they feel they can charge=20
>money for this "service."

Not sure about Verisign, but Thawte (now owned by VeriSign) required
several hard-copy documents, including tax filings and articles of
incorporation signed by corporate officers. They also used our Dun and
Bradstreet information. They then called our offices and civil agencies
and verified information before issuing the certificate. I'm not sure
what else they could do without actually flying to Chicago and meeting
with everyone.