Re: IDNA and security

To: debian-security@lists.debian.org
Subject: Re: IDNA and security
From: Bernd Eckenfels <ecki@lina.inka.de>
Date: Tue, 08 Feb 2005 23:30:08 +0100
Message-id: <[🔎] E1Cyds0-0000xc-00@calista.eckenfels.6bone.ka-ip.net>
In-reply-to: <[🔎] 20050208220527.GW26791@mathom.us>

In article <[🔎] 20050208220527.GW26791@mathom.us> you wrote:
> The name is what associates a CA signature with a site. They're not
> signing the IP number.

The Browser is  checking the address agaist the DN itself. So if the padlock
is blue, the certificate is for the current URL. Then you have to check the
content of the certificate who owns it. There is no special value in the
name. "debian.xx" does not belong to debian, as long as the Certificate is
not for debian.

IDN Attacks against the  url  are for site spoofings which attack users who
do not use SSL certificates. And those are always  at a higher risk.

Greetings
Bernd

Reply to:

References:
- Re: IDNA and security
  - From: Michael Stone <mstone@debian.org>

Prev by Date: Re: IDNA and security
Next by Date: Re: IDNA and security
Previous by thread: Re: IDNA and security
Next by thread: Re: IDNA and security
Index(es):
- Date
- Thread