Bugtraq mailing list archives
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
From: Stefan Paletta <stefanp () cabal1 com>
Date: Thu, 17 Feb 2005 01:40:53 +0100
Thor (Hammer of God) wrote/schrieb/scripsit:
When I got my NIC handle untold years ago, only 561 other humans had one. Your logic would preclude getting one in the first place, since no one knew they existed at the time. When SSL certs were first being created commercially, how many server operators did you know that had one? How many do you know now? It's the same thing with client certs, and the logic stands that certificate applications apply to them as well; particularly in regard to the business and marketing models various certificate authorities are running their business by. That was the point.
Just like a NIC handle, a client certificate has no intrinsic value. People get a NIC handle to use it in a specific process. Just like NIC handles don't (anymore) work cross-registry, people will have to get specific certificates to use in specific processes. It is only then that certificates, being a complex technology, actually work when they are dumbed down and sealed off sufficiently. Server certificates are a slightly different thing, as their number is a few magnitudes lower than the number of client certificates. It is only economically viable to distribute knowledge if the number of ignorant people is low enough.
-Stefan -- junior guru SP666-RIPE JID:stefanp () jabber de cw net SMP@IRC
Current thread:
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., (continued)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Seth Breidbart (Feb 16)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. George Capehart (Feb 16)
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz (Feb 14)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Vincent Archer (Feb 15)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Thor (Hammer of God) (Feb 15)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (Feb 15)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Thor (Hammer of God) (Feb 16)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (Feb 16)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Stefan Paletta (Feb 17)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Sebastian (Feb 15)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Stefan Paletta (Feb 17)
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz (Feb 16)
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Benjamin Franz (Feb 17)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (Feb 17)
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz (Feb 17)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (Feb 17)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Janusz A. Urbanowicz (Feb 12)
- Message not available
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Janusz A. Urbanowicz (Feb 16)