Re: IDNA and security
* Michael Stone:
> On Tue, Feb 08, 2005 at 10:59:44PM +0100, Florian Weimer wrote:
>>Uh-oh. No. It appears if someone has paid a few bucks to someone
>>else. This has got nothing to do with names, they are not verified by
> The name is what associates a CA signature with a site. They're not
> signing the IP number.
The CA does not check that the certificate owner is also the owner of
the name (think trademark). Therefore, it does not matter much what
the CA signs.
In this case, the CA signed the Punycode version of the domain name.
It would probably sign ebay.biz (or ebay.info) as well, if the domain
name owner had asked.