Comment by letsgetreal
12 hours ago
Nothing mentioned will help for a website with a Let's Encrypt SSL cert. How can I know with confidence that I can conduct commerce with this website that purports to be the company and it's not a typo squatter from North Korea? A google search doesn't cut it. Nothing in this thread has answered that basic question.
It's a non-issue for DigiCert and Sectigo certs. I can click on the certs and see for myself that they're genuine.
Worse than typosquatting is EV’s problem that anyone can register a corporation with an identical name.
https://web.archive.org/web/20171211181630/https://stripe.ia...
I think it is working as intended.
Register a corporation often meant it is linked to a real life, government issued ID.
If you do scam or fraud on that web site, they know where to find you.
... unless, of course, if the CA ain't doing the verification.....
No you can't. Even during the EV years, clowning an EV cert was more like a casual stunt for researchers than an actual disclosable event. In reality, there's nothing DigiCert is meaningfully doing to assure you about "conducting commerce" on sites.
> It's a non-issue for DigiCert and Sectigo certs. I can click on the certs and see for myself that they're genuine.
You can see for yourself that a Let's Encrypt certificate is genuine too.