| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050217004052.GG3541@delusion.wronline.net> Date: Thu, 17 Feb 2005 01:40:53 +0100 From: Stefan Paletta <stefanp@...al1.com> To: bugtraq@...urityfocus.com Subject: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Thor (Hammer of God) wrote/schrieb/scripsit: >When I got my NIC handle untold years ago, only 561 other humans had one. >Your logic would preclude getting one in the first place, since no one knew >they existed at the time. When SSL certs were first being created >commercially, how many server operators did you know that had one? How >many do you know now? It's the same thing with client certs, and the logic >stands that certificate applications apply to them as well; particularly in >regard to the business and marketing models various certificate authorities >are running their business by. That was the point. Just like a NIC handle, a client certificate has no intrinsic value. People get a NIC handle to use it in a specific process. Just like NIC handles don't (anymore) work cross-registry, people will have to get specific certificates to use in specific processes. It is only then that certificates, being a complex technology, actually work when they are dumbed down and sealed off sufficiently. Server certificates are a slightly different thing, as their number is a few magnitudes lower than the number of client certificates. It is only economically viable to distribute knowledge if the number of ignorant people is low enough. -Stefan -- junior guru SP666-RIPE JID:stefanp@...ber.de.cw.net SMP@IRC
Powered by blists - more mailing lists