Bugtraq mailing list archives
Re: Many WAP gateways do not properly check SSL certificates
From: "Jeremy Sanders" <jsanders () newsouthfederal com>
Date: Tue, 10 Jul 2001 09:21:23 -0500
Since SSL certificates are tamper-evident as the cryptographic signature is checked against the "root" certificates of the large CAs (Thawte, Verisign, Global Trust etc.) this check gives assurance that the requesting party is connected to the right host - i.e. you are safe from a man-in-the-middle attack.
Sprint PCS's WAP gateway does not give a detailed error message, but does not allow the connection if the root certificate is not a trusted root CA. We have an Organizational CA that we generate certificates for internal web sites. The wireless versions of these sites will not work because Sprint's WAP gw does not trust our root... We would also rather not pay Verisign every time we decide to bring up a new intranet/extranet site... Jeremy Sanders, CCNP CNE Advanced Systems Engineer New South Federal Savings Bank
Current thread:
- Many WAP gateways do not properly check SSL certificates Gus (Jul 09)
- <Possible follow-ups>
- Re: Many WAP gateways do not properly check SSL certificates Jeremy Sanders (Jul 10)