RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
From: Benjamin Franz <snowhare@xxxxxxxxxxx>
Date: Wed, 16 Feb 2005 15:55:09 -0800 (PST)
In-reply-to: <MDEHLPKNGKAHNMBLJOLKIECDBNAB.davids@xxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <MDEHLPKNGKAHNMBLJOLKIECDBNAB.davids@xxxxxxxxxxxxx>


On Wed, 16 Feb 2005, David Schwartz wrote:


Correct. And the browser vendors gain trust because they only include
reputable CAs.


Ummm.

No.

'They' (to a good first order approximation: 'Microsoft') are 'trusted'because 'they' own 90% of the browser market following the abuse of adesktop OS monopoly to force their applications competition out of themarket.


Defaults are power.

--
Benjamin Franz

"All right, where is the answer? The battle of wits has begun.
It ends when you click and we both serve pages - and find out who is right,
and who is slashdotted." - David Brandt

References:
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  - From: David Schwartz

Prev by Date: Re: SHA-1 broken
Next by Date: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Previous by thread: RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Next by thread: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Index(es):
- Date
- Thread