Identity
Who am I? Topics on authentication and authorization
Verification
Our friends at Verisign like to use a trusted third-party source when verifying the identity of the contact information given in a certificate signing request. What this entails is that they call 411 and ask for a the listed telephone number of the requesting company. They then call that number, and ask to speak with the person requesting the certificate, or ask for confirmation that the requestor is employed by said company.
You would think that the phone company would be easily verifiable. Turns out that they can't just call the operator to get in touch with someone on staff, nor are the affiliates' listed numbers answered by live people. How funny is that?
11:08:40 PM # Google It!
categories: Identity, Security