Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

To: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
Subject: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
From: bkfsec <bkfsec@xxxxxxxxxxxxxxxx>
Date: Tue, 15 Feb 2005 16:24:48 -0500
Cc: Vincent Archer <var@xxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx, Scott Gifford <sgifford@xxxxxxxxxxxxxxxx>, David Schwartz <davids@xxxxxxxxxxxxx>
In-reply-to: <001e01c5139f$2f48b8b0$0a01a8c0@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <14379.1108161895@xxxxxxxxxxxxxxxxx> <MDEHLPKNGKAHNMBLJOLKEEOFBLAB.davids@xxxxxxxxxxxxx> <20050215081234.GD56768@xxxxxxxxx> <001e01c5139f$2f48b8b0$0a01a8c0@xxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041217

Thor (Hammer of God) wrote:

Of course the CA has to gain the trust of the users... There are manyuses for client-based certificates: code signing, user verification,email encryption, automatic mapping of user account to personalcertificates, blah blah blah. The business model of commercial CA'sis most certainly not limited to server operators only. Whilepersonal certificate stores come with pre-trusted root certificatesfrom many CA's to automatically trust many server-based functions,there is a vast market for client certs.

Yes, and how many average users do you know of who know this?

I know quite a number of average users and know of absolutely 0 whowould be aware of this.


            -Barry

Follow-Ups:
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  - From: Thor (Hammer of God)

References:
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  - From: Neil W Rickert
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  - From: David Schwartz
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  - From: Vincent Archer
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  - From: Thor (Hammer of God)

Prev by Date: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Next by Date: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Previous by thread: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Next by thread: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Index(es):
- Date
- Thread