[13654] in cryptography@c2.net mail archive
Re: Wildcard Certs
daemon@ATHENA.MIT.EDU (martin f krafft)
Mon Jun 16 21:20:20 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 17 Jun 2003 00:13:36 +0200
From: martin f krafft <madduck@madduck.net>
To: crypto list <cryptography@metzdowd.com>
Mail-Followup-To: crypto list <cryptography@metzdowd.com>
In-Reply-To: <3EEDF5C9.21570.58B451@localhost>
--SLDf9lqlvOQaIe6s
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
also sprach Stefan Kelm <kelm@secorvo.de> [2003.06.16.1652 +0200]:
> Now, suppose I buy a certificate for *.i-am-bad.com (assuming that I'm=20
> the owner of that domain). I could then set up an SSL server with a=20
> hostname of something like =20
>=20
> www.security-products.microsoft.com.order.registration.checkout.user-
> support.i-am-bad.com
>=20
> hoping that the browser will only display the more familiar looking parts=
=20
> of the URL to the user who in turn will happily accept the certificate. =
=20
I could also just buy a certificate with that name. While it is an
interesting point, I do not see how wildcard certificates make this
possible, or enhance it.
--=20
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
=20
keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey
=20
before he died, rabbi zusya said: "in the world to come they will not
ask me, 'why were you not moses?' they will ask me, 'why were you not
zusya?'"
--SLDf9lqlvOQaIe6s
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+7kEQIgvIgzMMSnURAu7YAJ9IxoNenWx5I98p0zrbssA7wUE1cgCgkfy6
48y4YdwHKTMJpwvW/h0FPV4=
=5krh
-----END PGP SIGNATURE-----
--SLDf9lqlvOQaIe6s--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
