Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
From: Seth Breidbart (sethb_at_panix.com)
Date: 02/16/05
- Previous message: TAC: "NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+"
- In reply to: Gwendolynn ferch Elydyr: "Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs."
- Next in thread: George Capehart: "Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Feb 2005 16:56:40 -0500 (EST) To: bugtraq@securityfocus.com
[BBB vs. CA]
Gwendolynn ferch Elydyr <gwen@reptiles.org> wrote:
> Actually I don't take your meaning. I'd appreciate it if you could
> spell out why you think that one organization paid to provide trust
> is different from another organization paid to provide trust.
Some are more competent than others.
In this case, neither is worth anything.
The CA says at most "They verified ownership of a domain at a very low
standard of proof." The BBB says "They pay us and they responded to
all complaints and said they did the right thing."
Neither of them is on the hook for having bad customers, nor will
either be likely to say bad things about its customers (which are
those who pay it).
Seth
- Previous message: TAC: "NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+"
- In reply to: Gwendolynn ferch Elydyr: "Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs."
- Next in thread: George Capehart: "Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
