Can I trust GeoTrust?

Can I trust GeoTrust?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Can I trust GeoTrust? laredotornado 12-01-2006
Posted by on December 1, 2006, 11:18 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi,

We are contemplating getting an SSL cert from Geotrust --
http://geotrust.com/products/ssl_certificates/quick_ssl.asp. But when
I look at IE 6's trusted certificate authority and intermediate
authority list, I don't see anything that says "GeoTrust". Are they
known by another name or am I looking in the right place (Tools ->
Internet Options -> Content -> Certificates -> Trusted/Intermediate
Cert Authorities)?

Thanks for any guidance you can provide, - Dave


Posted by Doug McIntyre on December 2, 2006, 12:41 am
If you were  Registered and logged in, you could reply and use other advanced thread options
laredotornado@zipmail.com writes:
>We are contemplating getting an SSL cert from Geotrust --
>http://geotrust.com/products/ssl_certificates/quick_ssl.asp. But when
>I look at IE 6's trusted certificate authority and intermediate
>authority list, I don't see anything that says "GeoTrust". Are they
>known by another name or am I looking in the right place (Tools ->
>Internet Options -> Content -> Certificates -> Trusted/Intermediate
>Cert Authorities)?

Yes, Geotrust is AKA Equifax.

They should have browser support back to IE 5.01, Netscape 4.51 and
Opera 7, and all versions of Safari and Firefox or higher in all of them.

I'd hate to think anybody running anything earlier than that, and
actually expecting anything to work on the Net nowadays.





Posted by Sebastian Gottschalk on December 2, 2006, 7:59 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Doug McIntyre wrote:

> laredotornado@zipmail.com writes:
>>We are contemplating getting an SSL cert from Geotrust --
>>http://geotrust.com/products/ssl_certificates/quick_ssl.asp. But when
>>I look at IE 6's trusted certificate authority and intermediate
>>authority list, I don't see anything that says "GeoTrust". Are they
>>known by another name or am I looking in the right place (Tools ->
>>Internet Options -> Content -> Certificates -> Trusted/Intermediate
>>Cert Authorities)?
>
> Yes, Geotrust is AKA Equifax.

And they've been aqquired by VeriSlime. But even before, they were
scumbags, even being proud of demonstrating how they circumvented their
very own policies.

> I'd hate to think anybody running anything earlier than that, and
> actually expecting anything to work on the Net nowadays.

There's a clear difference between "user doesn't get any warning message"
and "the certificate doesn't belong to an attacker in violation of
GeoTrust's policies".

Posted by mak on December 4, 2006, 3:39 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Sebastian Gottschalk wrote:

> And they've been aqquired by VeriSlime. But even before, they were
> scumbags, even being proud of demonstrating how they circumvented their
> very own policies.

never heard of them, what do you mean by that?
sounds scary.

Posted by Sebastian Gottschalk on December 4, 2006, 9:45 am
If you were  Registered and logged in, you could reply and use other advanced thread options
mak wrote:

> Sebastian Gottschalk wrote:
>
>> And they've been aqquired by VeriSlime. But even before, they were
>> scumbags, even being proud of demonstrating how they circumvented their
>> very own policies.
>
> never heard of them, what do you mean by that?
> sounds scary.

See
<http://www.geotrust.com/resources/security_advisories/spoofing/index.asp>

Yes, Opera 8 Beta 3 is bad because it displays the Organisation Unit (OU)
instead of the Organisation Name (ON)... not to mention that it's Equifax's
responsibility (even stated in their ToS) to check the validity of the OU
inside the organisation stated in the ON, as well as checking the OU
against valid ONs.

Similar ThreadsPosted
Do you trust Comodo? March 24, 2005, 7:46 pm
Trust and Risk in the Workplace August 16, 2006, 4:25 pm
Trust and Risk in the Workplace August 15, 2006, 8:59 pm
trust issues associated with Public Key Infrastructure? August 10, 2006, 9:32 am

The site map in XML format XML site map

Contact Us | Privacy Policy