Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Thor (Hammer of God) wrote/schrieb/scripsit:
When I got my NIC handle untold years ago, only 561 other humans had one.
Your logic would preclude getting one in the first place, since no one knew
they existed at the time. When SSL certs were first being created
commercially, how many server operators did you know that had one? How
many do you know now? It's the same thing with client certs, and the logic
stands that certificate applications apply to them as well; particularly in
regard to the business and marketing models various certificate authorities
are running their business by. That was the point.
Just like a NIC handle, a client certificate has no intrinsic value.
People get a NIC handle to use it in a specific process. Just like NIC
handles don't (anymore) work cross-registry, people will have to get
specific certificates to use in specific processes. It is only then
that certificates, being a complex technology, actually work when they
are dumbed down and sealed off sufficiently.
Server certificates are a slightly different thing, as their number is a
few magnitudes lower than the number of client certificates. It is only
economically viable to distribute knowledge if the number of ignorant
people is low enough.
-Stefan
--
junior guru SP666-RIPE JID:stefanp@xxxxxxxxxxxxxxxx SMP@IRC