by aeternus 2509 days ago
When issuing the EV cert, they don't actually validate any of that so it is of questionable utility.

I was surprised how easy it was to get an EV cert. The validators work from an offshore call-center and use sites like whitepages.com to look up the business. They then call the number listed (you could have updated the listing just before). When they call, you simply have to say "I am ... and my position is X at Y company." Then hand the phone to someone else who says something similar. There was no individual identity verification.

1 comments

Then that sounds like an opportunity for the improvement of the EV process.

No CA should make it this easy. Any CA that keeps it easy should just be dealt with by the CA/Browser Forum.