Re: IDNA and security
In article <20050208220527.GW26791@mathom.us> you wrote:
> The name is what associates a CA signature with a site. They're not
> signing the IP number.
The browser is checking the address against the DN itself. So if the padlock
is blue, the certificate is for the current URL. Then you have to check the
content of the certificate to see who owns it. There is no special value in the
name. "debian.xx" does not belong to debian, as long as the certificate is
not for debian.
IDN attacks against the URL are for site spoofings which attack users who
do not use SSL certificates. And those are always at a higher risk.
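
Added example, not part of the original message: a sketch of the name check discussed above, showing that an IDN lookalike host is compared in its ASCII (xn--) form and so never matches a certificate issued for the plain-ASCII name, while a certificate issued for the lookalike itself does match. The host names, certificate name list and helper functions are constructed for illustration, and the mixed-script check is an additional defensive heuristic, not something the message describes.

```python
import unicodedata

def to_alabel(hostname: str) -> str:
    """ASCII (A-label) form of a host name, the form that appears in certificates."""
    return hostname.encode("idna").decode("ascii").lower()

def name_matches(hostname: str, cert_name: str) -> bool:
    """Compare a host name with one certificate name, label by label."""
    host = to_alabel(hostname).split(".")
    pattern = cert_name.lower().split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*" and len(pattern) >= 3:
        # A wildcard stands for exactly one left-most label.
        return host[1:] == pattern[1:]
    return host == pattern

def scripts_in_label(label: str) -> set:
    """Scripts used by the letters of a label, taken from Unicode character names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def mixed_script_labels(hostname: str) -> list:
    """Labels that mix scripts, e.g. Latin letters with a Cyrillic lookalike."""
    return [l for l in hostname.split(".") if len(scripts_in_label(l)) > 1]

# Constructed sample data (hypothetical names under the reserved .example TLD).
CERT_NAMES = ["debian.example", "*.debian.example"]
LOOKALIKE = "d\u0435bian.example"  # U+0435 CYRILLIC SMALL LETTER IE, not Latin "e"

if __name__ == "__main__":
    print("A-label of lookalike:", to_alabel(LOOKALIKE))
    print("matches certificate for the real name:",
          any(name_matches(LOOKALIKE, n) for n in CERT_NAMES))
    print("matches a certificate issued for itself:",
          name_matches(LOOKALIKE, to_alabel(LOOKALIKE)))
    print("mixed-script labels:", mixed_script_labels(LOOKALIKE))
```

The second result is the point made in the message: a successful match only says the certificate is for the current URL, so the owner named in the certificate still has to be read.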