[13615] in cryptography@c2.net mail archive


Re: An attack on paypal

daemon@ATHENA.MIT.EDU (Adam Selene)
Thu Jun 12 21:27:18 2003

X-Original-To: cryptography@metzdowd.com
From: "Adam Selene" <nospam@vguild.com>
To: <cryptography@metzdowd.com>, <cypherpunks@lne.com>
Date: Thu, 12 Jun 2003 19:03:33 -0600

> IE checks the server name against each CN's individually.

I found that by experimentation too. I have a VBScript sample on how to generate
such a CSR request for IIS using the CryptoAPI.

Furthermore, IE does not care if the CNs have different domains.

e.g.

/CN=www.domain.com/CN=www.domain.net/CN=www.domain.org

-or even-

/CN=www.domain.com/CN=www.cypherpunks.com/CN=www.microsoft.com

You can self-sign such a cert with OpenSSL just fine. Whether you can get a real
CA to sign such a thing is another matter.

    Adam


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
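
A reviewer-side check for the multi-CN subjects described in the message above, as an added example that is not part of the original post or of any browser's or CA's code. The function names are hypothetical, the input is assumed to be an OpenSSL-style one-line subject, and `base_domain` uses a last-two-labels heuristic rather than the Public Suffix List.

```python
import re

def subject_cns(subject):
    """Return every CN value from a one-line subject, in order of appearance."""
    cns = []
    for rdn in re.split(r"(?<!\\)/", subject):  # do not split on an escaped '\/'
        key, sep, value = rdn.partition("=")
        if sep and key.strip().upper() == "CN":
            cns.append(value.strip().lower())
    return cns

def base_domain(name):
    # Assumption: the last two labels approximate the registrable domain.
    # A production check would consult the Public Suffix List instead.
    return ".".join(name.rstrip(".").split(".")[-2:])

def matches_any_cn(subject, host):
    """Model of the matching the post describes: each CN is tried individually."""
    return host.lower() in subject_cns(subject)

def audit_subject(subject):
    """Findings to surface before signing a CSR or trusting a certificate."""
    cns = subject_cns(subject)
    findings = []
    if not cns:
        findings.append("no CN present")
    if len(cns) > 1:
        findings.append("multiple CN attributes: %d" % len(cns))
    domains = sorted({base_domain(c) for c in cns})
    if len(domains) > 1:
        findings.append("CNs span different domains: " + ", ".join(domains))
    return findings

if __name__ == "__main__":
    samples = [
        "/C=US/O=Example/CN=www.example.com",                     # constructed
        "/CN=www.domain.com/CN=www.domain.net/CN=www.domain.org",  # from the post
        "/CN=www.domain.com/CN=www.cypherpunks.com/CN=www.microsoft.com",
    ]
    for s in samples:
        print(s)
        for finding in audit_subject(s) or ["ok"]:
            print("   ", finding)
```
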
