lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200502162156.j1GLuet00568@panix5.panix.com>
Date: Wed, 16 Feb 2005 16:56:40 -0500 (EST)
From: Seth Breidbart <sethb@...ix.com>
To: bugtraq@...urityfocus.com
Subject: Re: International Domain Name [IDN] support in modern browsers allows
 attackers to spoof domain name URLs + SSL certs.


[BBB vs. CA]

Gwendolynn ferch Elydyr <gwen@...tiles.org> wrote:

> Actually I don't take your meaning.  I'd appreciate it if you could
> spell out why you think that one organization paid to provide trust
> is different from another organization paid to provide trust.

Some are more competent than others.

In this case, neither is worth anything.

The CA says at most "They verified ownership of a domain at a very low
standard of proof."  The BBB says "They pay us and they responded to
all complaints and said they did the right thing."

Neither of them is on the hook for having bad customers, nor will
either be likely to say bad things about its customers (which are
those who pay it).

Seth


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ