Bugtraq mailing list archives
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
From: bkfsec <bkfsec () sdf lonestar org>
Date: Tue, 15 Feb 2005 15:49:12 -0500
Gwendolynn ferch Elydyr wrote:
Well, I meant more accountable than CAs are. I still think that that statement is accurate if you take my meaning.On Tue, 15 Feb 2005, bkfsec wrote:The difference between CAs and the BBB is that the BBB is well known and highly accountable. CAs are not necessarily. There is no widely screened public discussion or understanding of the function of CAs. The accepted root CAs do their jobs on the browser entirely in the background. Their "seal of approval" is considered implicit by the lack of a message at all.The BBB is certainly well known, but describing it as highly accountable is certainly inaccurate. A quick web search will inform you that the BBB has local 'affiliates', and that the quality of these 'affiliates' can vary dramatically from location to location. There's no widely screened public discussion or understanding of the function of the BBB - and their seal of approval certainly appears on sites and businesses they've never heard of.
-Barry
Current thread:
- International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Brandon Kovacs (Feb 07)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Simon Østengaard (Feb 09)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Will Kamishlian (Feb 10)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Peter J. Holzer (Feb 10)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Scott Gifford (Feb 11)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Neil W Rickert (Feb 12)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Scott Gifford (Feb 12)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (Feb 15)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Gwendolynn ferch Elydyr (Feb 15)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (Feb 15)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Gwendolynn ferch Elydyr (Feb 16)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (Feb 16)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Gwendolynn ferch Elydyr (Feb 16)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Ron DuFresne (Feb 17)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Peter J. Holzer (Feb 10)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Seth Breidbart (Feb 16)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. George Capehart (Feb 16)
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz (Feb 14)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Vincent Archer (Feb 15)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Thor (Hammer of God) (Feb 15)
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (Feb 15)