Re: IDNA and security

To: debian-security@lists.debian.org
Subject: Re: IDNA and security
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 08 Feb 2005 23:34:29 +0100
Message-id: <[🔎] 878y5yof4a.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20050208220527.GW26791@mathom.us> (Michael Stone's message of "Tue, 8 Feb 2005 17:05:27 -0500")
References: <[🔎] 87mzuepwoo.fsf@deneb.enyo.de> <[🔎] 20050208213612.GV26791@mathom.us> <[🔎] 87u0omogq7.fsf@deneb.enyo.de> <[🔎] 20050208220527.GW26791@mathom.us>

* Michael Stone:

> On Tue, Feb 08, 2005 at 10:59:44PM +0100, Florian Weimer wrote:
>>Uh-oh.  No.  It appears if someone has paid a few bucks to someone
>>else.  This has got nothing to do with names, they are not verified by
>>most CAs.
>
> The name is what associates a CA signature with a site. They're not
> signing the IP number.

The CA does not check that the certificate owner is also the owner of
the name (think trademark).  Therefore, it does not matter much what
the CA signs.

In this case, the CA signed the Punycode version of the domain name.
It would probably sign ebay.biz (or ebay.info) as well, if the domain
name owner had asked.

Reply to:

References:
- IDNA and security
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: IDNA and security
  - From: Michael Stone <mstone@debian.org>
- Re: IDNA and security
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: IDNA and security
  - From: Michael Stone <mstone@debian.org>

Prev by Date: Re: IDNA and security
Next by Date: Re: IDNA and security
Previous by thread: Re: IDNA and security
Next by thread: Re: IDNA and security
Index(es):
- Date
- Thread