On 02/20/2009 08:28 PM, Benjamin Smedberg:
> I don't see how the attack could have been done without wildcards. CA guidelines say that certificates should not be issued with homographic characters that might cause confusion, and as far as we know these guidelines are being followed. The attack here takes place entirely within the wildcard portion of the domain because that's the portion the CA can't verify when they issue the certificate.
Thank you for confirming and being clear on this! This is a general problem with wildcards. The solution to prevent this could be easy.
--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
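An added illustration, not part of this message or the thread: a client-side audit that isolates the labels of a hostname covered by the `*` of a wildcard certificate name (the portion the CA never saw) and reports any character in them outside ASCII letters, digits and hyphen, decoding `xn--` labels first. The function names and the `example.test` hostnames are constructed for the example; treating every label left of the fixed suffix as wildcard-covered is an assumption chosen to be broader than single-label matching.

```python
import unicodedata

def wildcard_portion(pattern, hostname):
    """Labels of hostname covered by '*' in pattern, or None if it does not match."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return None
    suffix = pattern[1:]                      # e.g. ".example.test"
    if not hostname.endswith(suffix) or len(hostname) == len(suffix):
        return None
    return hostname[:-len(suffix)].split(".")

def decode_label(label):
    """Return the Unicode form of an A-label, the label itself otherwise."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return None                       # malformed A-label
    return label

def audit(pattern, hostname):
    """List (label, reason) for suspicious labels in the wildcard portion.

    Returns None when the hostname is not covered by the pattern at all.
    """
    labels = wildcard_portion(pattern, hostname)
    if labels is None:
        return None
    findings = []
    for label in labels:
        text = decode_label(label)
        if text is None:
            findings.append((label, "undecodable A-label"))
            continue
        # Anything beyond letters, digits and hyphen was never reviewed by the CA.
        odd = [c for c in text if not (c.isascii() and (c.isalnum() or c == "-"))]
        if odd:
            names = ", ".join(unicodedata.name(c, "U+%04X" % ord(c)) for c in odd)
            findings.append((label, names))
    return findings

if __name__ == "__main__":
    # Constructed sample: an IDN label hiding under a wildcard name.
    print(audit("*.example.test", "login.xn--bcher-kva.example.test"))
```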