Re: IDNA and security

To: debian-security@lists.debian.org
Subject: Re: IDNA and security
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 08 Feb 2005 22:59:44 +0100
Message-id: <[🔎] 87u0omogq7.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20050208213612.GV26791@mathom.us> (Michael Stone's message of "Tue, 8 Feb 2005 16:36:12 -0500")
References: <[🔎] 87mzuepwoo.fsf@deneb.enyo.de> <[🔎] 20050208213612.GV26791@mathom.us>

* Michael Stone:

> On Tue, Feb 08, 2005 at 10:29:43PM +0100, Florian Weimer wrote:
>>IMHO, the whole underlying idea that you can use a name to tell if a
>>site is trustworthy is flawed.  The net just doesn't work this way.
>
> Yes it does. Ecommerce security is founded on the idea that if the
> little padlock is lit up you're secure. That little padlock is based
> on the name.

Uh-oh.  No.  It appears if someone has paid a few bucks to someone
else.  This has got nothing to do with names, they are not verified by
most CAs.

(I wouldn't object to removing USERTRUST from our root CA lists,
though.)

Reply to:

Follow-Ups:
- Re: IDNA and security
  - From: Michael Stone <mstone@debian.org>

References:
- IDNA and security
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: IDNA and security
  - From: Michael Stone <mstone@debian.org>

Prev by Date: Re: IDNA and security
Next by Date: Re: IDNA and security
Previous by thread: Re: IDNA and security
Next by thread: Re: IDNA and security
Index(es):
- Date
- Thread