An attack on paypal
Steven M. Bellovin
smb at research.att.com
Wed Jun 11 16:06:55 EDT 2003
In message <200306111913.h5BJDPV1004648 at gungnir.fnal.gov>, "Matt Crawford" writes:
>> The worst trouble I've had with https is that you have no way to use host
>> header names to differentiate between sites that require different SSL
>> certificates.
>
>True as written, but Netscrape and Internet Exploder each have a hack
>for honoring the same cert for multiple server names. Opera seems to
>honor at least one of the two hacks, and a cert can incorporate both
>at once.
>
> /C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services
> /CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov
> /CN=bravo.fnal.gov/CN=charlie.fnal.gov
You can also use *.fnal.gov
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
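
Added example, not part of the original message: a comparison of which host names the multi-CN certificate quoted above covers versus a `*.fnal.gov` wildcard. The matching rules (parenthesised CN treated as an anchored alternation, `*` matching exactly one left-most label) are assumptions for illustration, and `delta.fnal.gov` and `a.b.fnal.gov` are hypothetical hosts.

```python
# Subject from the quoted message, joined onto one line.
SUBJECT = ("/C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services"
           "/CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov"
           "/CN=bravo.fnal.gov/CN=charlie.fnal.gov")

# Constructed test hosts; the last three are not named in the message.
HOSTS = ["alpha.fnal.gov", "bravo.fnal.gov", "charlie.fnal.gov",
         "delta.fnal.gov", "a.b.fnal.gov", "fnal.gov"]


def common_names(subject):
    """Return every CN value in a slash-separated subject string."""
    return [part[3:] for part in subject.split("/") if part.startswith("CN=")]


def cn_matches(cn, host):
    """Match one CN against a host name under the assumed rules."""
    cn, host = cn.lower(), host.lower()
    if cn.startswith("("):
        # Assumed rule: (a|b|c).suffix is an anchored list of alternatives.
        close = cn.find(")")
        if close < 0:
            return False
        suffix = cn[close + 1:]
        return any(host == alt + suffix for alt in cn[1:close].split("|"))
    if cn.startswith("*."):
        # Assumed rule: '*' stands for exactly one left-most label.
        label, _, rest = host.partition(".")
        return bool(label) and rest == cn[2:]
    return cn == host


def coverage(cns, hosts=HOSTS):
    """List the hosts for which at least one CN matches."""
    return [h for h in hosts if any(cn_matches(cn, h) for cn in cns)]


if __name__ == "__main__":
    print("multi-CN cert:", coverage(common_names(SUBJECT)))
    print("wildcard cert:", coverage(["*.fnal.gov"]))
```

Under these rules the wildcard also vouches for any other single-label host in the domain, which the enumerated certificate does not.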