[Cryptography] ALPACA

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Jun 10 00:52:45 EDT 2021

Previous message (by thread): [Cryptography] ALPACA
Next message (by thread): [Cryptography] ALPACA
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jerry Leichter <leichter at lrw.com> writes:

>TLS certificates validate host names, not IP addresses or port numbers.  

They do however contain usage indicators (e.g. usable for email but not for 
running a web server), but everything pretty much ignores those so the 
attack is still possible.

Peter.

Previous message (by thread): [Cryptography] ALPACA
Next message (by thread): [Cryptography] ALPACA
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the cryptography mailing list