Hacker News new | ask | show | jobs
by logifail 2520 days ago
> When you paid with your card they knew your identity.

Who's the "they" in that sentence? As it stands, a certificate reseller knows that the Paypal account "some.name.here@gmail.com" paid for a SSL certificate for "www.unrelatedcompany.TLD"

The certificate itself tells you nothing about who paid for it - it doesn't even tell you which email account was used to confirm some level of association with the unrelatedcompany.TLD domain.
1 comments
amfsn 2520 days ago
Then PayPal has the data and LE can follow the trail. Because it's about LE being able to tell who actually bought the certificate, telling me end users can't do that is kinda moving the goalposts.
link
pilsetnieks 2520 days ago
There are certificate authorities all over the world, and many of them not in jurisdictions that would share data with your law enforcement.
link
logifail 2519 days ago
Q1: What kinds of serious crimes involve law inforcement needing to chase up who's behind the purchase of a SSL certificate, anyway?

Q2: Can't the bad guys just buy a pre-paid debit card with cash if they're that desperate to cover their tracks?

link