On Mon, Aug 21, 2000 at 03:15:06PM +0300, Marko Asplund wrote:
> On Mon, 21 Aug 2000, Lutz Jaenicke wrote:
> > ...
> > The browsers don't have the slightest idea on the "server name". The only
> > reliable information is the URL. A hostname being obtained by DNS lookup
> > may already be faked by someone tampering with your DNS servers (or packets).
> > A server name sent by the server itself is also not trustworthy.
> > If you want to connect to "https://www.my-bank.com", you want to be sure
> > to be connected to www.my-bank.com and not to "www.bandits.org", regardless
> > of any other server names/DNS entries...
> Yes, but how is CommonName matched exactly? Is it only matched against the
> hostname extracted from a URL? Thawte's web pages say that if
That is correct.
> CN=www.bandits.org this only matches URLs that begin with
> https://www.bandits.org/. But what about e.g. imaps://www.bandits.org/ and
> https://www.bandits.org:3333/?
They all match. They all have the correct CN.
> --
> aspa
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
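
The matching discussed in this thread, as an added example (not code from either poster or from OpenSSL): the name compared with the certificate's CN is the host taken from the URL, so the scheme and port play no part. The certificate dict is constructed in the shape Python's `ssl` `getpeercert()` returns, and the function names and the exact, case-insensitive comparison are assumptions; current TLS clients prefer subjectAltName dNSName entries over CN.

```python
from urllib.parse import urlsplit


def reference_identity(url):
    """Host name the user asked for, taken from the URL alone (no DNS, no server input)."""
    host = urlsplit(url).hostname  # drops scheme, userinfo and port; lowercases
    if not host:
        raise ValueError("URL has no host: %r" % (url,))
    return host.rstrip(".")  # treat a fully qualified trailing dot as the same name


def common_name(cert):
    """Most specific (last) commonName in a getpeercert()-style subject."""
    names = [value
             for rdn in cert.get("subject", ())
             for key, value in rdn
             if key == "commonName"]
    if not names:
        raise ValueError("certificate subject has no commonName")
    return names[-1]


def cn_matches_url(url, cert):
    """True when the certificate's CN equals the host named in the URL."""
    return reference_identity(url) == common_name(cert).lower().rstrip(".")


# Constructed sample certificate subject (CN taken from the thread's example).
BANDITS_CERT = {
    "subject": (
        (("organizationName", "Example Org (constructed)"),),
        (("commonName", "www.bandits.org"),),
    )
}

# URLs from the thread, plus the bank URL the user might have intended.
SAMPLE_URLS = [
    "https://www.bandits.org/",
    "imaps://www.bandits.org/",
    "https://www.bandits.org:3333/",
    "https://www.my-bank.com/",
]


def demo():
    """Map each sample URL to whether the constructed certificate matches it."""
    return {url: cn_matches_url(url, BANDITS_CERT) for url in SAMPLE_URLS}


if __name__ == "__main__":
    for url, ok in demo().items():
        print("%-32s %s" % (url, "match" if ok else "MISMATCH"))
```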