Interesting, the certificate continuity problem is also a DNS name continuity problem.
If someone was to register bigbonk.com it is not very likely someone would guess that it is actually a phishing attack against bigbank.com.

On Fri, Jan 20, 2012 at 12:32 AM, Bill Frantz <[email protected]> wrote:

> On 1/19/12 at 15:36, [email protected] (Paul Hoffman) wrote:
>
>> The charter for this list says: "A number of people are interested in
>> discussing proposals that have been developed in response to recent attacks
>> on the Internet security infrastructure, in particular those that affected
>> sites using TLS and other protocols relying on PKI."
>>
>> Which attacks are we interested in?
>>
>> a) Attackers can get a trusted PKIX certificate due to errors on the part
>> of some CAs that are trusted by web browsers.
>>
>> b) Attackers can get a trusted PKIX certificate due to intentional
>> laxness on the part of some CAs that are trusted by web browsers.
>>
>> c) Attackers can issue certificates that cause warnings in web browsers
>> that are often ignored and clicked through.
>>
>> The solution to each of these is different.
>
> I would add to this list:
>
> d) Attackers can register a domain name that looks like that of another
> domain and entice users into visiting that domain instead of the intended
> domain. Unicode, with its many similar looking glyphs makes this easier,
> although the I 1 and O 0 similarities in 95 character ASCII have
> successfully been used in this kind of attack.
>
> Cheers - Bill
>
> -----------------------------------------------------------------------
> Bill Frantz        | I like the farmers' market   | Periwinkle
> (408)356-8506      | because I can get fruits and | 16345 Englewood Ave
> www.pwpconsult.com | vegetables without stickers. | Los Gatos, CA 95032
>
> _______________________________________________
> therightkey mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/therightkey

--
Website: http://hallambaker.com/
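Added example, not part of the original thread or of any participant's message: a defender-side check for the look-alike registrations discussed above (the I/1 and O/0 swaps, similar Unicode glyphs, and one-letter variants such as bigbonk.com). The names `FOLD`, `skeleton` and `classify` are hypothetical, and the fold table is a small constructed subset; a production check would use the full Unicode UTS #39 confusables data.

```python
import unicodedata

# Constructed, deliberately tiny fold table (assumption): maps characters that
# render alike onto one representative. Not a substitute for UTS #39 data.
FOLD = str.maketrans({
    "1": "l", "i": "l",                            # I / l / 1
    "0": "o",                                      # O / 0
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c",                  # Cyrillic er, es
})

def skeleton(domain):
    """Lower-case, decode punycode labels, NFKC-normalise, fold look-alikes."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: compare it as written
        labels.append(label)
    return unicodedata.normalize("NFKC", ".".join(labels)).translate(FOLD)

def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, protected):
    """Return (verdict, matched protected domain or None) for one observed name."""
    plain = candidate.lower().rstrip(".")
    cand = skeleton(candidate)
    for real in protected:
        if plain == real:
            return ("exact", real)
    for real in protected:
        if cand == skeleton(real):
            return ("confusable", real)      # same glyph shapes, different name
    for real in protected:
        if edit_distance(cand, skeleton(real)) == 1:
            return ("near-miss", real)       # one-letter variant
    return ("unrelated", None)
```

Run against newly observed or newly registered names, "confusable" and "near-miss" verdicts are candidates for review or blocking; the fold is intentionally aggressive, so legitimate names can also match.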
