[Cryptography] So please tell me. Why is my solution wrong?
Salz, Rich
rsalz at akamai.com
Thu Feb 9 16:55:54 EST 2017
> After your browser verifies the digital signature on a TLS certificate it creates
> fig 1 with the picture from your local hard drive and Bob, Trent etc. from the
> TLS certificate. Hence phishers can only get an incorrect/fake name for Bob
> by tricking a Certificate Authority (CA), or hacking a CA. Once people are
> using fig 1 as a dedicated login screen it's up to the CA to ensure correct
> business names are inside TLS certificates.
Peter has posted a set of links as to why images don't work.
Do you know how CAs work, and about domain validation? Apparently not. There need not be a business name, just a domain name. A valid domain name.
This scheme doesn't work. Full stop.