Bugtraq mailing list archives
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
From: "Janusz A. Urbanowicz" <alex () bofh net pl>
Date: Wed, 16 Feb 2005 16:33:06 +0100
On Mon, Feb 14, 2005 at 10:28:22AM -0500, Christopher Jastram wrote:
X.509/TLS is not for assuring if the server you are connected to is lawful.
Could a CA be held liable for certifying a domain that was clearly intended to deceive for unlawful purposes? Perhaps as an accessory to the crime?
I guess this is very interesting question from the lawyer's point of view. IANAL. And it definitely depends of your and your CA and your case perp's jurisdictions. My guess is also that law doctorates and whole careers were built on cases less complicated than this.
Do they have humans looking at the certification requests? If a CA looks at a certificate that's clearly intended for criminal purposes, and certifies it, could they be an accessory to the crime?
They should have. I'm pretty convinced that at least for some personal certs the certification is automatic. As for being prone for litigation for this, see the previous paragraph. Alex -- mors ab alto 0x46399138
Current thread:
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., (continued)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (Feb 16)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Stefan Paletta (Feb 17)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Sebastian (Feb 15)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Stefan Paletta (Feb 17)
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz (Feb 16)
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Benjamin Franz (Feb 17)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (Feb 17)
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz (Feb 17)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (Feb 17)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Janusz A. Urbanowicz (Feb 12)
- Message not available
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Janusz A. Urbanowicz (Feb 16)