[5398] in cryptography@c2.net mail archive
Re: going around the crypto
daemon@ATHENA.MIT.EDU (Tom Weinstein)
Sat Aug 14 12:51:13 1999
Date: Fri, 13 Aug 1999 11:38:18 -0700
From: Tom Weinstein <tomw@geocast.com>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: cryptography@c2.net
"Steven M. Bellovin" wrote:
>
> The obvious protection is for users to check the certificate. Most users, of
> course, don't even know what a certificate is, let alone what the grounds are
> for accepting one. It would also help if servers used client-side
> certificates for authentication, since the man-in-the-middle can't spoof
> the user's certificate. But almost no servers do that.
The user doesn't need to check the certificate. Certificates for HTTP servers
contain the host name of the machine they certify. The web browser checks the
hostname in the certificate against the hostname in the URL. All the user must
do is check the hostname in the URL that is displayed on his screen.
--
What is appropriate for the master is not appropriate | Tom Weinstein
for the novice.  You must understand Tao before       | tomw@geocast.com
transcending structure.  -- The Tao of Programming    |
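The check Weinstein describes, a browser comparing the hostname in the URL against the names the server certificate was issued for, written out as an added example that is not part of the original mail thread. The certificate name lists and URLs are constructed sample data; the matching rules follow RFC 6125 (case-insensitive comparison, a wildcard only as the whole left-most label covering exactly one label). It also shows the limit the message points at: a certificate for a look-alike name passes the browser's check for the look-alike URL, which is why the user still has to read the hostname on screen.

```python
"""Hostname verification as a browser performs it (added example).

A server certificate carries the DNS names it certifies (today in the
subjectAltName extension, historically in the subject CN).  The browser
extracts the host from the URL and accepts the certificate only if one of
those names covers that host.  All data below is constructed for illustration.
"""
from urllib.parse import urlsplit

# Constructed sample: names a legitimate certificate for a bank site would carry.
LEGIT_CERT_NAMES = ["www.example-bank.test", "example-bank.test"]
# Constructed sample: a wildcard certificate for the same domain.
WILDCARD_CERT_NAMES = ["*.example-bank.test"]
# Constructed sample: a validly issued certificate for a different host.  An
# interposed server presenting this certificate fails the check for the bank's
# hostname even though the certificate itself chains to a trusted CA.
OTHER_HOST_CERT_NAMES = ["www.example-mitm.test"]


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate DNS name (possibly a wildcard) covers hostname.

    Rules (RFC 6125 section 6.4.3): comparison is case-insensitive, a wildcard
    must be the entire left-most label, it covers exactly one label, and a
    pattern with fewer than three labels ("*" or "*.test") is refused because
    it would cover far too much.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        if len(p_labels) < 3:
            return False
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def host_from_url(url: str) -> str:
    """Extract the hostname part of a URL (the value the user sees on screen)."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError("URL carries no hostname: %r" % url)
    return host


def certificate_covers_url(cert_names, url: str) -> bool:
    """The browser's decision: does any certified name cover the URL's host?"""
    host = host_from_url(url)
    return any(dns_name_matches(name, host) for name in cert_names)


if __name__ == "__main__":
    bank_url = "https://www.example-bank.test/login"
    lookalike_url = "https://www.example-mitm.test/login"
    print("legit cert, bank URL:     ", certificate_covers_url(LEGIT_CERT_NAMES, bank_url))
    print("wildcard cert, bank URL:  ", certificate_covers_url(WILDCARD_CERT_NAMES, bank_url))
    print("other-host cert, bank URL:", certificate_covers_url(OTHER_HOST_CERT_NAMES, bank_url))
    # The browser check is anchored to the URL it was given: a certificate for the
    # look-alike name passes for the look-alike URL, so reading the hostname in the
    # address bar is the part only the user can do.
    print("other-host cert, its own URL:", certificate_covers_url(OTHER_HOST_CERT_NAMES, lookalike_url))
```

Note that the function only answers the name-matching question; a real client also validates the chain, validity period and revocation status before it gets this far, and none of those steps tells the user whether the hostname on screen is the one they intended to visit.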