| ▲ | letsgetreal 11 hours ago | |||||||
Nothing mentioned will help for a website with a Let's Encrypt SSL cert. How can I know with confidence that I can conduct commerce with this website that purports to be the company and it's not a typo squatter from North Korea? A google search doesn't cut it. Nothing in this thread has answered that basic question. It's a non-issue for DigiCert and Sectigo certs. I can click on the certs and see for myself that they're genuine. | ||||||||
| ▲ | bentley 10 hours ago | parent | next [-] | |||||||
Worse than typosquatting is EV’s problem that anyone can register a corporation with an identical name. https://web.archive.org/web/20171211181630/https://stripe.ia... | ||||||||
| ||||||||
| ▲ | tptacek 11 hours ago | parent | prev | next [-] | |||||||
No you can't. Even during the EV years, clowning an EV cert was more like a casual stunt for researchers than an actual disclosable event. In reality, there's nothing DigiCert is meaningfully doing to assure you about "conducting commerce" on sites. | ||||||||
| ▲ | tialaramex 10 hours ago | parent | prev [-] | |||||||
> It's a non-issue for DigiCert and Sectigo certs. I can click on the certs and see for myself that they're genuine. You can see for yourself that a Let's Encrypt certificate is genuine too. | ||||||||