Re: simple question about certificate chains

From: Mike Amling (nospam_at_nospam.com)
Date: 07/05/05


Date: Tue, 05 Jul 2005 17:59:19 GMT

Michael Heiming wrote:
> In comp.security.ssh Richard E. Silverman <res@qoxp.net>:
>
>>>>>>>"MW" == Maik Wiege <mswiege*nospam*@gmx.de> writes:
>
>
>> >> Dunno what this has to do with ssh?
>> MW> Sorry - mistyped that! Meant SSL of course.
>
>
>>The point was that this newsgroup is about SSH, not SSL. The two have
>>nothing to do with one another.
>
>
>>>>>>>"MH" == Michael Heiming <michael+USENET@www.heiming.de>
>
>
>>No, browsers generally do *not* do this, for several reasons. The most
>>obvious is that, since the DNS is insecure, it would be easy to get a
>>client to incorrectly accept a certificate by simply spoofing its DNS
>>traffic. Browsers should (and generally do) match the certificate against
>>what the user types, nothing else -- that's the point,
>
>
> Yep, that's what I meant, the system will check against reverse DNS,
> the name you typed into the URL box, if it matches against the
> so called "common name" of the certificate.

   SSL does not use reverse DNS (in case anyone was wondering).

--Mike Amling
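
The name check discussed in this thread, as an added example that is not part of the original posts: the certificate is compared with the host name the user typed, and no DNS answer takes part in the decision. The certificate dicts follow the layout of Python's ssl.SSLSocket.getpeercert(); the host names, the PTR answer and the function names are constructed for illustration.

```python
# Added example: certificate name check driven by the user-typed host name.

def dns_name_matches(pattern, hostname):
    """Compare one certificate DNS name with the reference host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard only as the whole left-most label, never "*.tld".
        return len(p) >= 3 and bool(h[0]) and p[1:] == h[1:]
    return p == h

def cert_matches_typed_host(cert, typed_host):
    """True if the certificate names the host the user asked for."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # Legacy fallback: the "common name" mentioned in the thread.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(dns_name_matches(n, typed_host) for n in names)

# Constructed sample data (not taken from the thread).
TYPED_HOST = "www.bank.example"        # what the user entered in the URL box
BANK_CERT = {
    "subject": ((("commonName", "www.bank.example"),),),
    "subjectAltName": (("DNS", "www.bank.example"),
                       ("DNS", "*.bank.example")),
}
OTHER_CERT = {"subject": ((("commonName", "www.other.example"),),)}
PTR_ANSWER = "www.other.example"       # reverse-DNS reply, unauthenticated

def demo():
    return {
        # Correct rule: reference identity is the typed name.
        "bank_cert_vs_typed": cert_matches_typed_host(BANK_CERT, TYPED_HOST),
        "other_cert_vs_typed": cert_matches_typed_host(OTHER_CERT, TYPED_HOST),
        # Flawed rule: reference identity taken from a PTR answer, so a
        # certificate for a different site is accepted for this connection.
        "other_cert_vs_ptr": cert_matches_typed_host(OTHER_CERT, PTR_ANSWER),
    }

if __name__ == "__main__":
    for check, accepted in demo().items():
        print(check, "->", "accept" if accepted else "reject")
```

In production code the same comparison is done by the TLS library: a context from ssl.create_default_context() verifies the certificate against the server_hostname passed to wrap_socket().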


