Wildcard Certs
martin f krafft
madduck at madduck.net
Mon Jun 16 18:13:36 EDT 2003
also sprach Stefan Kelm <kelm at secorvo.de> [2003.06.16.1652 +0200]:
> Now, suppose I buy a certificate for *.i-am-bad.com (assuming that I'm
> the owner of that domain). I could then set up an SSL server with a
> hostname of something like
>
> www.security-products.microsoft.com.order.registration.checkout.user-
> support.i-am-bad.com
>
> hoping that the browser will only display the more familiar looking parts
> of the URL to the user who in turn will happily accept the certificate.
I could also just buy a certificate with that name. While it is an
interesting point, I do not see how wildcard certificates make this
possible, or enhance it.
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net at madduck
keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey
before he died, rabbi zusya said: "in the world to come they will not
ask me, 'why were you not moses?' they will ask me, 'why were you not
zusya?'"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20030617/45c5f3f8/attachment.pgp>
More information about the cryptography
mailing list