<<< Date Index >>>     <<< Thread Index >>>

Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.



Thor (Hammer of God) wrote/schrieb/scripsit:
When I got my NIC handle untold years ago, only 561 other humans had one. Your logic would preclude getting one in the first place, since no one knew they existed at the time. When SSL certs were first being created commercially, how many server operators did you know that had one? How many do you know now? It's the same thing with client certs, and the logic stands that certificate applications apply to them as well; particularly in regard to the business and marketing models various certificate authorities are running their business by. That was the point.

Just like a NIC handle, a client certificate has no intrinsic value. People get a NIC handle to use it in a specific process. Just like NIC handles don't (anymore) work cross-registry, people will have to get specific certificates to use in specific processes. It is only then that certificates, being a complex technology, actually work when they are dumbed down and sealed off sufficiently. Server certificates are a slightly different thing, as their number is a few magnitudes lower than the number of client certificates. It is only economically viable to distribute knowledge if the number of ignorant people is low enough.

-Stefan
--
junior guru   SP666-RIPE     JID:stefanp@xxxxxxxxxxxxxxxx    SMP@IRC