[13546] in cryptography@c2.net mail archive
Re: The real problem that https has conspicuously failed to fix
daemon@ATHENA.MIT.EDU (Pete Chown)
Tue Jun 10 09:05:31 2003
X-Original-To: cryptography@metzdowd.com
Date: Tue, 10 Jun 2003 10:14:27 +0100
From: Pete Chown <Pete.Chown@skygate.co.uk>
To: cryptography@metzdowd.com
In-Reply-To: <20030610015208.26669.qmail@xuxa.iecc.com>
John R. Levine wrote:
> Crypto lets someone say "Hi! I absolutely definitely
> have a name somewhat like the name of a large familiar organization,
> and I'd like to steal your data!" ...
It might help if browsers displayed some details of the certificate
without being asked. For example, instead of a padlock, the browser
could have an SSL toolbar. This would show the verified name and
address of the site you are connected to.
The bar could also show the server name for unverified connections.
This would avoid the attacks that use URLs like
http://www.microsoft.com:officesupport@virus.com .
--
Pete
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
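
The server-name display suggested in the message above, sketched as an added example that is not part of the original post: it uses the standard WHATWG `URL` parser to separate the host actually contacted from any userinfo placed before the `@`. The function names and the shape of the returned object are assumptions made for illustration.

```javascript
// Added illustration (not from the original message): compute what a
// "server name bar" would display for a URL. All names here are hypothetical.

// Decode percent-escapes, falling back to the raw text if they are malformed.
function safeDecode(text) {
  try { return decodeURIComponent(text); } catch { return text; }
}

// True when the text contains something shaped like a DNS name.
function containsHostLikeName(text) {
  return /([a-z0-9-]+\.)+[a-z]{2,}/i.test(text);
}

function describeDestination(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { host: null, hasUserinfo: false, warnings: ["unparseable URL"] };
  }

  const warnings = [];
  const userinfo = safeDecode(url.username);
  const hasUserinfo = url.username !== "" || url.password !== "";

  if (hasUserinfo && containsHostLikeName(userinfo)) {
    // The case from the message: a familiar name sits before the "@",
    // but the connection goes to the host after it.
    warnings.push(`userinfo "${userinfo}" resembles a host name; ` +
                  `the server contacted is ${url.hostname}`);
  } else if (hasUserinfo) {
    warnings.push(`URL carries userinfo before "@"; ` +
                  `the server contacted is ${url.hostname}`);
  }

  // url.hostname is the only part a browser resolves and connects to.
  return { host: url.hostname, hasUserinfo, warnings };
}

// The URL quoted in the message, plus one constructed plain URL.
for (const sample of [
  "http://www.microsoft.com:officesupport@virus.com",
  "https://example.com/path",
]) {
  console.log(sample, "->", describeDestination(sample));
}
```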