
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.



Thor (Hammer of God) wrote/schrieb/scripsit:
When I got my NIC handle untold years ago, only 561 other humans had one. Your logic would preclude getting one in the first place, since no one knew they existed at the time. When SSL certs were first being created commercially, how many server operators did you know that had one? How many do you know now? It's the same thing with client certs, and the logic stands that certificate applications apply to them as well; particularly in regard to the business and marketing models various certificate authorities are running their business by. That was the point.

Just like a NIC handle, a client certificate has no intrinsic value. People get a NIC handle to use it in a specific process. Just like NIC handles don't (anymore) work cross-registry, people will have to get specific certificates to use in specific processes. It is only then that certificates, being a complex technology, actually work when they are dumbed down and sealed off sufficiently.
Server certificates are a slightly different thing, as their number is a few magnitudes lower than the number of client certificates. It is only economically viable to distribute knowledge if the number of ignorant people is low enough.


-Stefan
--
junior guru   SP666-RIPE     JID:stefanp@xxxxxxxxxxxxxxxx    SMP@IRC