Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

From: bkfsec <bkfsec_at_sdf.lonestar.org>
Date: Tue, 15 Feb 2005 16:24:48 -0500

Thor (Hammer of God) wrote:

>
> Of course the CA has to gain the trust of the users... There are many
> uses for client-based certificates: code signing, user verification,
> email encryption, automatic mapping of user account to personal
> certificates, blah blah blah. The business model of commercial CA's
> is most certainly not limited to server operators only. While
> personal certificate stores come with pre-trusted root certificates
> from many CA's to automatically trust many server-based functions,
> there is a vast market for client certs.
>
Yes, and how many average users do you know of who know this?

I know quite a number of average users and know of absolutely 0 who
would be aware of this.

-Barry
Received on Feb 15 2005

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]