[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
From: Benjamin Franz <snowhare@xxxxxxxxxxx>
Date: Wed, 16 Feb 2005 15:55:09 -0800 (PST)

On Wed, 16 Feb 2005, David Schwartz wrote:


Correct. And the browser vendors gain trust because they only include
reputable CAs.

Ummm.

No.

'They' (to a good first order approximation: 'Microsoft') are 'trusted' because 'they' own 90% of the browser market following the abuse of a desktop OS monopoly to force their applications competition out of the market.

Defaults are power.

--
Benjamin Franz

"All right, where is the answer? The battle of wits has begun.
It ends when you click and we both serve pages - and find out who is right,
and who is slashdotted." - David Brandt

References:
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  - From: David Schwartz

Prev by Date: Re: SHA-1 broken
Next by Date: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Previous by thread: RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Next by thread: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Index(es):
- Date
- Thread