[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IDNA and security

* Michael Stone:

> On Tue, Feb 08, 2005 at 10:29:43PM +0100, Florian Weimer wrote:
>>IMHO, the whole underlying idea that you can use a name to tell if a
>>site is trustworthy is flawed.  The net just doesn't work this way.
> Yes it does. Ecommerce security is founded on the idea that if the
> little padlock is lit up you're secure. That little padlock is based
> on the name.

Uh-oh.  No.  It appears if someone has paid a few bucks to someone
else.  This has got nothing to do with names, they are not verified by
most CAs.

(I wouldn't object to removing USERTRUST from our root CA lists,

Reply to: