[15775] in cryptography@c2.net mail archive
RE: New Attack on Secure Browsing
daemon@ATHENA.MIT.EDU (Anton Stiglic)
Fri Jul 16 15:53:21 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Anton Stiglic" <astiglic@okiok.com>
To: "'Aram Perez'" <aramperez@mac.com>,
"'Ian Grigg'" <iang@systemics.com>,
"'Cryptography'" <cryptography@metzdowd.com>
Date: Fri, 16 Jul 2004 13:51:48 -0400
In-Reply-To: <BD1CA962.F2AF%aramperez@mac.com>
>You stated that http://www.pgp.com is an SSL-protected page, but did you
>mean https://www.pgp.com? On my Powerbook, with all the browsers I get an
>error that the certificate is wrong and they end up at http://www.pgp.com.
What I get is a bad certificate, and this is due to the fact that the
certificate is issued to store.pgp.com and not www.pgp.com.
Interestingly (maybe?), when you go and browse on their on-line store, and
check something out to buy, the session is secured but with another
certificate, one issued to secure.pgpstore.com.
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
