An attack on paypal

Steven M. Bellovin smb at research.att.com
Wed Jun 11 16:06:55 EDT 2003


In message <200306111913.h5BJDPV1004648 at gungnir.fnal.gov>, "Matt Crawford" writes:
>> The worst trouble I've had with https is that you have no way to use host
>> header names to differentiate between sites that require different SSL
>> certificates.
>
>True as written, but Netscrape and Internet Exploder each have a hack
>for honoring the same cert for multiple server names.  Opera seems to
>honor at least one of the two hacks, and a cert can incorporate both
>at once.
>
>	/C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services
>	/CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov
>	/CN=bravo.fnal.gov/CN=charlie.fnal.gov

You can also use *.fnal.gov

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
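
Added example, not part of the original messages: a hostname check over the CN values quoted above, showing that `*.fnal.gov` also covers hosts the enumerated certificate does not. The semantics given to the `(a|b|c)` form and the rule that a pattern is honored only in the left-most label are assumptions of this sketch, not a description of any browser's code.

```python
import re

# Constructed from the CN values quoted in the thread.
ENUMERATED_CNS = [
    "(alpha|bravo|charlie).fnal.gov",
    "alpha.fnal.gov",
    "bravo.fnal.gov",
    "charlie.fnal.gov",
]
WILDCARD_CNS = ["*.fnal.gov"]

# Assumed shape of the alternation hack: a parenthesized list of literal labels.
ALTERNATION = re.compile(r"\(([a-z0-9-]+(?:\|[a-z0-9-]+)*)\)")


def label_matches(pattern_label, host_label):
    """Match one DNS label of the hostname against one label of the CN."""
    if not host_label:
        return False  # empty labels (e.g. ".fnal.gov") never match
    if pattern_label == "*":
        return True  # wildcard stands for exactly one whole label
    m = ALTERNATION.fullmatch(pattern_label)
    if m:
        return host_label in m.group(1).split("|")
    return pattern_label == host_label


def cn_matches(cn, hostname):
    """True if a single CN value covers the hostname."""
    p = cn.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a pattern never spans label boundaries
    # Only the left-most label may be a pattern; the rest must be exact.
    return label_matches(p[0], h[0]) and p[1:] == h[1:]


def cert_covers(cns, hostname):
    """True if any CN in the certificate covers the hostname."""
    return any(cn_matches(cn, hostname) for cn in cns)


if __name__ == "__main__":
    # Constructed hostnames; delta is not named in the enumerated cert.
    for host in ["alpha.fnal.gov", "delta.fnal.gov", "a.b.fnal.gov", "fnal.gov"]:
        print(host, cert_covers(ENUMERATED_CNS, host), cert_covers(WILDCARD_CNS, host))
```
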


