On 01/04/14 14:54, Gervase Markham wrote:
On 31/03/14 12:10, Rob Stradling wrote:
How long would it take an attacker to perform a dictionary attack to
discover that "6f993bb2" corresponds to "mail.corp" ?
If only some correlation is desired, then you could just use e.g. the
last two digits of the checksum. This allows a correct match when in
possession of the correct cert, but also one can imagine many
non-existent certs which would also match.
Hi Gerv. I don't think this is desirable.
Only the domain owner needs to know what the unmasked subdomains are,
and they can do this by simply looking at the corresponding Certificate.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
