Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

Amir Herzberg Thu, 10 Feb 2005 10:36:11 -0800

Steve, my point was not the trivial fact that TrustBar would not display the homograph; suppose it did... even then, the user is _asked_ about the certificate, since it was signed by an unusual CA that the user did not specify as `to be trusted always`; this should certainly be a good warning for most users (and of course, a good situation to check for tricks such as homographs...).

And even if some user allowed this CA as `always trusted`, there is still a fair chance he'll notice that the brand of CA on his bank's site has suddenly changed... which may also raise the alarm.

Best, Amir Herzberg


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

Reply via email to