On 20 Feb 2002 at 10:38, Matthew Nuzum wrote: > I know of ONE way that will take care of this problem definitively, and > that is to buy a wildcard cert from Thawte. However, they now charge > per domain, which is extremely limiting to me. > > I have heard that you can send a special mime-encoded file to newer > browsers that will allow them to add me to their list of trusted > authorities. Maybe this is a rumor, or maybe this is a complete > mis-understanding on my part. It sounds intriguing to me though. > > Has anyone tried this? I'd search the Internet, but I'm somewhat at a > loss for what to even search for.
This would be completely against the idea of trusted certificates and would be a big security hole. Im not saying it doesn't exist though ;) There were some threads in Bugtraq similar to this, from memory, the browsers involved were IE on Windows and Konquer in KDE on linux. Try searching at http://www.securityfocus.com for IE https certificate attack Regards Ian _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
