On Sat, Aug 31, 2002 at 12:18:04AM +0100, Andrew McDonald wrote:
> Even the hostname check can be problematic - does the user really need
> to accept the certificate every time because the name doesn't match?

I think the issue is this: if no hostname check is done, how do you know you really are authenticating the remote host by the certificate you think you should be (say www.secure.org) and not another certificate instead (say www.crackers.com)? You might think you are accessing www.secure.org, but if you authenticated the remote host with www.crackers.com, chances are you may not be. Of course, if the user manually checks the certificate, there would be no problems, but how many people will manually check?

(note that I really like this reliance on checking the hostname, for instance it doesn't work properly with virtual name domains under https, but it somehow seems to have become the de facto default, and we seem to be stuck with it for now).

> (I've solved this for mutt by using a cache where I save the hostname
> against the certificate fingerprint, mozilla does something similar.)

I would imagine you would have to manually update this each time a new certificate is issued (unless I am mistaken).

--
Brian May <[EMAIL PROTECTED]>
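
The hostname-to-fingerprint cache discussed in this thread, sketched as an added example; it is not mutt's or Mozilla's code and not part of the original message. `PinCache`, its method names and the byte strings standing in for DER-encoded certificates are assumptions made for illustration.

```python
import hashlib


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a certificate's DER encoding, hex-encoded."""
    return hashlib.sha256(der).hexdigest()


class PinCache:
    """Hypothetical cache of fingerprints the user has accepted, keyed by hostname."""

    def __init__(self):
        self._pins = {}  # lowercase hostname -> set of accepted fingerprints

    def accept(self, host: str, der: bytes) -> None:
        """Record that the user manually accepted this certificate for this host."""
        self._pins.setdefault(host.lower(), set()).add(fingerprint(der))

    def check(self, host: str, der: bytes) -> str:
        """Classify a presented certificate as 'match', 'unknown-host' or 'changed'."""
        pins = self._pins.get(host.lower())
        if pins is None:
            return "unknown-host"  # nothing accepted for this name yet: prompt
        if fingerprint(der) in pins:
            return "match"         # the certificate the user accepted: no prompt
        return "changed"           # known name, different certificate: prompt again


# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_SECURE_OLD = b"constructed-cert: CN=www.secure.org serial=01"
CERT_SECURE_NEW = b"constructed-cert: CN=www.secure.org serial=02"
CERT_CRACKERS = b"constructed-cert: CN=www.crackers.com serial=07"


def demo():
    cache = PinCache()
    results = [cache.check("www.secure.org", CERT_SECURE_OLD)]         # first visit
    cache.accept("www.secure.org", CERT_SECURE_OLD)                    # user accepts once
    results.append(cache.check("www.secure.org", CERT_SECURE_OLD))     # later visits
    results.append(cache.check("www.secure.org", CERT_CRACKERS))       # substituted cert
    results.append(cache.check("www.secure.org", CERT_SECURE_NEW))     # reissued cert
    results.append(cache.check("www.crackers.com", CERT_SECURE_OLD))   # pin is per host
    return results


if __name__ == "__main__":
    print(demo())
```

In this sketch the cache returns the same `changed` result for a substituted certificate and for a legitimately reissued one, so both cases fall back to a manual decision by the user.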