On Mon, 21 Aug 2000, Lutz Jaenicke wrote:
> ...
> The browsers don't have the slightest idea of the "server name". The only
> reliable information is the URL. A hostname being obtained by DNS lookup
> may already be faked by someone tampering with your DNS servers (or packets).
> A server name sent by the server itself is also not trustworthy.
> If you want to connect to "https://www.my-bank.com", you want to be sure
> to be connected to www.my-bank.com and not to "www.bandits.org", regardless
> of any other server names/DNS entries...
Yes, but how is CommonName matched exactly? Is it only matched against the
hostname extracted from a URL? Thawte's web pages say that if
CN=www.bandits.org, this only matches URLs that begin with
https://www.bandits.org/. But what about e.g. imaps://www.bandits.org/ and
https://www.bandits.org:3333/?
--
aspa
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
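
The check discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code: the reference name is taken from the URL the user asked for, never from DNS results or from a name the server supplies, and this sketch compares only the host part with the certificate's CommonName, so scheme and port do not enter the comparison. The function names and sample cases are assumptions constructed for illustration; wildcard and subjectAltName handling are left out.

```python
from urllib.parse import urlsplit


def reference_name(url):
    """Return the host the user asked for, taken from the URL alone."""
    # .hostname is lower-cased and has the port and any userinfo stripped.
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return host.rstrip(".")  # treat "host." and "host" as the same name


def cn_matches_url(common_name, url):
    """Exact, case-insensitive comparison of the CN with the URL's host."""
    return common_name.lower().rstrip(".") == reference_name(url)


def evaluate(cases):
    """Run (url, presented CN) pairs and report the name that was checked."""
    return [(url, cn, reference_name(url), cn_matches_url(cn, url))
            for url, cn in cases]


# Constructed sample cases using the names from the messages above.
CASES = [
    ("https://www.bandits.org/", "www.bandits.org"),
    ("https://www.bandits.org:3333/", "www.bandits.org"),  # other port
    ("imaps://www.bandits.org/", "www.bandits.org"),       # other scheme
    ("https://www.my-bank.com/", "www.bandits.org"),       # wrong server
    ("https://WWW.My-Bank.com/", "www.my-bank.com"),       # case differs
]

if __name__ == "__main__":
    for url, cn, ref, ok in evaluate(CASES):
        verdict = "accept" if ok else "REJECT"
        print(f"{verdict:6}  url={url}  reference={ref}  CN={cn}")
```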