Re: Return of i18n attacks with the help of wildcard certificates

2009-02-21 Kyle Hamilton
On Sat, Feb 21, 2009 at 1:19 PM, Paul Hoffman wrote:
>>I don't see how the attack could have been done without wildcards. CA
>>guidelines say that certificates should not be issued with homographic
>>characters that might cause confusion
>
> They do? Where? I believe that Unicode Technical Report

Re: Return of i18n attacks with the help of wildcard certificates

2009-02-21 Paul Hoffman
At 1:28 PM -0500 2/20/09, Benjamin Smedberg wrote:
>On 2/20/09 12:11 PM, Nelson B Bolyard wrote:
>> Benjamin Smedberg wrote, On 2009-02-19 07:39:
>>
>>> It sounds to me that we could and should fix this bug simply by disabling
>>> punycode for the wildcard portion.
>>
>> I'm not sure what you're pr

Re: how do we agree?

2009-02-21 Ian G
On 21/2/09 03:18, David E. Ross wrote: On 2/13/2009 11:52 AM, Eddy Nigg wrote: On 02/13/2009 09:36 PM, Ben Bucksch: FWIW, this is irrelevant. *We* require the ETSI. We can also require additional requirements, like that the CPS is published. or you have to add a new policy or practices point

Re: Return of i18n attacks with the help of wildcard certificates

2009-02-21 Ian G
On 20/2/09 20:07, Nelson B Bolyard wrote: Benjamin Smedberg wrote, On 2009-02-20 10:28: Homomorphic characters aren't a problem for wildcard matching. They're a problem for users' eyeballs. The attack that was demonstrated could have been done without wildcards. Changing the wildcard matchi