[13587] in cryptography@c2.net mail archive


Re: An attack on paypal

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Jun 11 16:58:32 2003

X-Original-To: cryptography@metzdowd.com
To: "Matt Crawford" <crawdad@fnal.gov>
Cc: Sunder <sunder@sunder.net>,
	"Email List: Cypherpunks" <cypherpunks@lne.com>,
	"Email List: Cryptography" <cryptography@metzdowd.com>
Date: Wed, 11 Jun 2003 16:06:55 -0400
From: "Steven M. Bellovin" <smb@research.att.com>

In message <200306111913.h5BJDPV1004648@gungnir.fnal.gov>, "Matt Crawford" writes:
>> The worst trouble I've had with https is that you have no way to use host
>> header names to differentiate between sites that require different SSL
>> certificates.
>
>True as written, but Netscrape and Internet Exploder each have a hack
>for honoring the same cert for multiple server names.  Opera seems to
>honor at least one of the two hacks, and a cert can incorporate both
>at once.
>
>	/C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services
>	/CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov
>	/CN=bravo.fnal.gov/CN=charlie.fnal.gov

You can also use *.fnal.gov

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)
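
Added example, not part of the original message: a Python hostname matcher that compares what the enumerated CNs quoted above cover with what the `*.fnal.gov` wildcard covers. Reading the parenthesised CN as a list of alternatives for the first label, applying the RFC 2818 rule that `*` stands for exactly one left-most label, and every hostname other than alpha/bravo/charlie are assumptions of this example.

```python
import re

# CN values from the subject quoted in the message.
CERT_CNS = [
    "(alpha|bravo|charlie).fnal.gov",
    "alpha.fnal.gov",
    "bravo.fnal.gov",
    "charlie.fnal.gov",
]

def match_exact(host, name):
    """Plain CN: case-insensitive full-string comparison."""
    return host.lower() == name.lower()

def match_alternation(host, name):
    """Assumed reading of the '(a|b|c).domain' CN form: alternatives for
    the first label, with the rest of the name matched literally."""
    m = re.fullmatch(r"\(([^()]+)\)(\..+)", name)
    if not m:
        return False
    alts, suffix = m.group(1).split("|"), m.group(2)
    return any(match_exact(host, a + suffix) for a in alts)

def match_wildcard(host, name):
    """'*.domain': the star stands for exactly one left-most label."""
    if not name.startswith("*."):
        return False
    first, _, rest = host.partition(".")
    return bool(first) and "*" not in host and match_exact(rest, name[2:])

def host_matches(host, names):
    return any(match_exact(host, n) or match_alternation(host, n)
               or match_wildcard(host, n) for n in names)

def coverage(hosts, names):
    """Return the hosts that a certificate carrying these names covers."""
    return [h for h in hosts if host_matches(h, names)]

# Constructed hostnames; only alpha/bravo/charlie come from the message.
HOSTS = ["alpha.fnal.gov", "CHARLIE.fnal.gov", "delta.fnal.gov",
         "www.alpha.fnal.gov", "fnal.gov", "alpha.fnal.gov.example.net"]

if __name__ == "__main__":
    print("enumerated:", coverage(HOSTS, CERT_CNS))
    print("wildcard:  ", coverage(HOSTS, ["*.fnal.gov"]))
```

The wildcard certificate is also accepted for `delta.fnal.gov`, a name the enumerated certificate does not cover, so whoever holds its private key can stand in for any single-label host in the domain.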



---------------------------------------------------------------------
The Cryptography Mailing List