You are begging the question again. An individual registered safe-pay-vault.com. Was the same individual on th WHOIS record involved in another malicious processor?
eg bestbillingpro.com in one of your ex-post reference was registered by a totally different person.
Anybody can trust that a DV cert provide a secure encrypted connection to the site featured in the cert and it is possible to verify that the URL match the on in the DV cert.
The encryption is meant to maintain the confidentiality of the information sent.
As for DV certs Vengine has been around for a long time now.
VerificationEngine has the ability to recognize the difference between High Assurance SSL certificates where the information within the SSL certificate contains the details of the organization/entity that you wish to transact with and Low Assurance, where only the website name is contained.
It is not recommended that you inherently trust a Low Assurance SSL Certificate unless you have a pre existing relationship with the organization and have specific knowledge that the web site does indeed belong to that organization.
Strange there is no blog about the actual state of Internet infrastructure let alone about other entities involved with that malicious site. And this is not irrelevant…
IP blackilsing should obviously involve ISP themselves whereas the registar is the first to acknowledge the identity of site owner…
Now an IP blacklist obviously would be not up to the task isn’t?
As different site owned by different people can be hosted on the same IP and you should know that…
Unless I’m mistaken, this isn’t what we’re referring to. We know the role of the cert, we know it’s role is to certify that it’s a secure connection - we’re not questioning this.
It may not be mentioned on Mike’s blog, but it’s mentioned elsewhere (e.g. my own blog)
IP blacklisting isn’t going to help, specifically because of the fact that sites can be hosted anywhere - the IP is only one of the indicators, not the root.
I do indeed know this. I’m not asking for Comodo to use an IP blocklist, only that they check the IP for signs of malicious activity before allowing the cert. Other methods would need to be involved - and yes, I’m aware DV doesn’t require verificiation, but again - this is one of the main problems, and something already covered (and something Melih has already stated as one of the reasons he doesn’t like or recommend them - which again, is one of the issues. If he doesn’t like them, stop issuing them).
To stop us going round in circles (we could argue for days about the best way of identifying malicious sites), let’s get to the root of the problem.
Comodo is continuing to issue DV certs to malicious sites
Melih has stated he doesn’t like DV certs amd is recommending people NOT use them, but continues to supply them
It is these two points, and these alone, that need to be resolved.
The fact you avoid an explicit clarification and that you have not posted the WHOIS records to confirm you previous statement is rather baffling.
Again I invite you to provide some documented information as increasing the number of posts will only lead to confusion. And I assume that you don’t want that.
It was you who suggested blocklists. And again you are willing to beg the question and focus on Comodo alone.
This is is what you would have the topic drift to. I asked you about a comment you made on a blog not about your one-sided expectation about Comodo alone.
Besides don’t make it appear a Comodo only problem.
I focused on DV certs but if I had to extend the root of the problem would be that many security professional do not focus on their inherent limitations at all.
So the root of the problem is that reading some blogs it could appear other CAs are immune to these issues.
As it disconcerting that some MPV blogs cannot provide some education about this. Apparently related info can be found all but there.
There would be no issue if people would generally be aware about the inherent value of DV certs. Isn’t it?
Pls refer to my reply previously about DVs and Comodo’s role. If that hasn’t clarified it pls tell me what aspect of the explanation you didn’t understand or have a problem with.
As to hopsurf: Do you accept that primary functionality of hopsurf is NOT search?
If you accept that search is not primary function how can you or Donna claim its an ask toolbar which is only a search bar?
As for DV’s: I will again refer you to my previous post and again pls read it and let me know what aspect of it you disagree with. (you are repeating the same question without reading what I am referring you to.)
Wait, so is the problem that ASK toolbar is insecure or is the problem that users can search via Ask.com? How is it different from any other search toolbar. Doesn’t the Yahoo toolbar search yahoo?
I guess I find the search via ASK search engine much less worrying than a third party toolbar with known vulnerabilities.
…and I seriously think this is a storm in a water glass. Some people seem to love that, any chance to bash Comodo and they’re happy. Toggie made a joke, it was very obvious.
I can’t believe that another thread goes this way… all this is just totally unbelievable to me. I have nothing further to add whatsoever and I will not make another post in this thread (this was my second and last post).
I said anyone of any standing. I’m a casual internet user. It doesn’t apply.
And the "grubby little board" has more than 75,000 members...
Active members are what count. The total registrations is a meaningless figure as far as being able to tell how active a board really is.
hm, I share your opinion - this shouldn't be proposed by a mod - but be moderated...
But on the one hand, you tell Melih he should censor this opinion posted by a voluntary mod, on the other hand, you're afraid of anything is modified, so you're saving this thread for reference?
It's very hard to decide which posts should remain public and which should be removed. I'm glad, that you can post almost any opinion here without being censored. And I'm glad that I don't have to make this decission in some cases...
Again - the mods are voluntary - I can't see, why Melih needs to apologize for this - maybe Toggie should do...
I'm saving the thread to maintain a copy of what has proceeded. Not to preserve my own words.
Voluntary or not, the Mods are there to uphold the forum values. They set the example that others follow. They speak for the board. They speak for Comodo. Or are the Mods above the rules?
That’s the problem with voluntary Mods… They don’t have the same mettle as one that’s earned it.
Hacking comments, when made by a forum staff, can be construed as incitement, correct? No board wants that… So any spokesperson (Mod) for a board, making such comments, should be grilled and treated appropriately.
So, your current tactic would be to get each individual CA to drop DV’s one-by-one?
I can see a few flaws in this approach. But, for me, the main flaw is that you seem to be working on the principle that getting just Comodo to stop issuing DV’s is an achievable, or even a realistic, goal. After all, you’re asking Comodo to send their customers to other CA’s (ie. the competition) to buy DV’s. This obviously doesn’t stop DV’s at all… although, it does risk muting & negating your only current ally in the CA camp. Where as, currently, Comodo is trying to sell OA & EV certs to DV seeking customers as a matter of practice and that does directly benefit the end user.
So, given that you & your colleagues must have thought this through, what is the actual game plan with regards to DVs from your perspective Steve?
Are you suggesting that WHOIS records are deleted too before the domain expires and this is the reason you provide for the lack of historical data?
To confirm the same individual was involved two matching whois records would be needed.
I assumed you verified and documented two matching WHOIS records to confirm that the person who registered safe-pay-vault.com also registered another reported domain.
But it looks like I got the wrong impression. Now it looks more like you “trusted” that Mike did. Can you point out where Mike provide such documented matching WHOIS records?
I guess you already confirmed that a single IP could host different sites from different owners.
Besides I guess you would hopefully agree that having IP supersede WHOIS records would be too far fetched advice.
Aren’t WHOIS records supposed to provide information about the identity of an individual/organization registering a site or are IP supposedly meant for that purpose?
Because it looks the IP don’t actually prove the identity whenever even checking WHOIS records meant to confirm the owner wouldn’t appear to be resolutive, isn’t it?
Although this doesn’t exclude that a relation could be confirmed through other means at a later time wouldn’t be too far fetched to assume it would be possible to confirm a relation immediately like elsewhere implied?
Besides how comes that Registar aren’t a reliable source of information?
Because DV certs are not meant to authenticate the individual owning a website (OV and EV certs are meant for that) whereas WHOIS records are supposedly meant for that purpose.
How can you claim that Donna is not spreading misinformation while she still has this post and still refers people to it in her blog now!
“users to be at risk by installing a toolbar that has questionable reputation”
What questionable reputation does hopsurf have?
Even after she has been corrected many times over she still continues to spread false information! Even now! Simply Amazing! Do you realise she is spreading misinformation by choice MysteryFCM?
The blogger still hasn’t put my reply although he has allowed other people to put their replies since my post of yesterday. Anyway, you can read the reply above anyway…
[at]Melih: If you say HopSurf and Ask.com have nothing in common, how come we can’t have more search engines and all the search going through the toolbar goes through Ask.com? I personally don’t like Ask.com and would like to use another search engine but HopSurf doesn’t allow that.
Previously a large portion of the community asked for the removal of the Ask.com toolbar from the bundle, you replaced it with HopSurf but sometimes it seems only the interface had been replaced, while its main feature - searching - still goes through Ask.com. How about completely removing all Ask.com features from HopSurf?
I see you are not using the address bar in your FF (?) browser. You want the Comodo hopsurf search field be like the standard search field that FF delivers? I think that would be too much to ask.
