[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NetScape's dependence upon RSA down for the count!

On Sat, 30 Sep 1995, Don Stephenson wrote:

> I don't think binding hostnames to certificates helps much because 
> both hostnames and IP addresses can be spoofed and DNS servers can be 
> subverted.  The important thing is the binding to the "service" name or 

In this particular case, hostnames do help, because they are information 
imbedded in the url used to access the server. By verifying the hostname 
in the certificate with the hostname in the url, you can state with a 
high degree of confidence that the object retrieved is precisely the 
desired object covered by this url. 

> Well of course, if the secret key of the server (or worse yet, certificate 
> authority) is compromised, all bets are off.  That's true of just about any 
> protocol you can dream up.

I'm not referring to the secret key of _the_ server; I'm referring to the 
secret key of _ANY_ server. In the limiting case, such a key can be 
obtained by buying one from the CA.