* Nick FitzGerald:

> Florian Weimer wrote:
>
>> I'd guess the bug is not locale-specific, but depends on the fact that
>> the code considers domain1.co.nz to be equivalent to domain2.co.nz.
>
> Hmmmm -- an example of code you _would_ wish to have been written by 
> some of their outsourced (well, "off-shore") code-monkeys so as to 
> avoid the possibility of such stupidity from the outset???

Well, the idea of trust based on effective SLD[1] is pretty much flawed
in the first place.  After all, you can still attack others within the
same .com or .edu.

[1] "Effective TLD Service":
    <http://wiki.mozilla.org/Gecko:Effective_TLD_Service>
    <http://lxr.mozilla.org/mozilla/source/netwerk/dns/src/effective_tld_names.dat?raw=1>
    -- not pretty.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
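The equivalence guessed at in the message above, as an added example that is not part of the original post and not Mozilla's code: a "last two labels" rule puts domain1.co.nz and domain2.co.nz in the same site, while a lookup against a suffix list keeps them apart. The suffix set is a small constructed excerpt (wildcard and exception rules are left out), and the function names are hypothetical.

```python
# Constructed excerpt in the style of an effective-TLD list. Assumption: a real
# check loads the complete list; wildcard and exception rules are omitted here.
SUFFIXES = {"com", "edu", "nz", "co.nz", "org.nz", "uk", "co.uk"}


def _labels(host):
    """Lower-case the name and drop a trailing root dot before splitting."""
    return host.lower().rstrip(".").split(".")


def naive_site(host):
    """Flawed rule: the site is always the last two labels of the host name."""
    return ".".join(_labels(host)[-2:])


def site(host):
    """Longest listed suffix plus one more label; None when that is impossible."""
    labels = _labels(host)
    for i in range(len(labels)):          # i = 0 tries the longest candidate first
        if ".".join(labels[i:]) in SUFFIXES:
            # A host that is itself a suffix (i == 0) has no registrable part.
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None                           # unknown TLD: refuse to guess


def same_site(a, b, rule):
    """Two hosts are equivalent only if both map to the same non-empty site."""
    sa, sb = rule(a), rule(b)
    return sa is not None and sa == sb


if __name__ == "__main__":
    pairs = [
        ("www.domain1.co.nz", "www.domain2.co.nz"),   # different registrants
        ("www.domain1.co.nz", "mail.domain1.co.nz"),  # same registrant
        ("a.example.com", "b.example.com"),
        ("example.com", "other.com"),
    ]
    for a, b in pairs:
        print(f"{a:22} {b:22} naive={same_site(a, b, naive_site)!s:5} "
              f"suffix-list={same_site(a, b, site)}")
```
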
