The real problem that https has conspicuously failed to fix
Pete Chown
Pete.Chown at skygate.co.uk
Tue Jun 10 05:14:27 EDT 2003
John R. Levine wrote:
> Crypto lets someone say "Hi! I absolutely definitely
> have a name somewhat like the name of a large familiar organization,
> and I'd like to steal your data!" ...
It might help if browsers displayed some details of the certificate
without being asked. For example, instead of a padlock, the browser
could have an SSL toolbar. This would show the verified name and
address of the site you are connected to.
The bar could also show the server name for unverified connections.
This would avoid the attacks that use URLs like
http://www.microsoft.com:officesupport@virus.com .
--
Pete
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list