| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Feb 2005 15:44:22 -0500 (EST) From: Gwendolynn ferch Elydyr <gwen@...tiles.org> To: bkfsec <bkfsec@....lonestar.org> Cc: Scott Gifford <sgifford@...pectclass.com>, Neil W Rickert <rickert+bt@...niu.edu>, bugtraq@...urityfocus.com Subject: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. On Tue, 15 Feb 2005, bkfsec wrote: > The difference between CAs and the BBB is that the BBB is well known and > highly accountable. CAs are not necessarily. > There is no widely screened public discussion or understanding of the > function of CAs. The accepted root CAs do their jobs on the browser entirely > in the background. Their "seal of approval" is considered implicit by the > lack of a message at all. The BBB is certainly well known, but describing it as highly accountable is certainly inaccurate. A quick web search will inform you that the BBB has local 'affiliates', and that the quality of these 'affiliates' can vary dramatically from location to location. There's no widely screened public discussion or understanding of the function of the BBB - and their seal of approval certainly appears on sites and businesses they've never heard of. cheers! ========================================================================== "A cat spends her life conflicted between a deep, passionate and profound desire for fish and an equally deep, passionate and profound desire to avoid getting wet. This is the defining metaphor of my life right now."
Powered by blists - more mailing lists