Netscape's use of SSL

Paul Snively
Sun, 07 Nov 1999 11:19:12 -0800

Norm Hardy wrote:

> It is tedious to check the cert on each URL reference (about 10 sec when
> you rember exactly how). Commonly the "name on the cert" is the domain name
> from the URL. I have seen exceptions. The danger for not checking is DNS
> spoofing that directs  the URL reference to a site with a cert, but not the
> one you planned to visit. The bogus site learms the swiss nmber and the jig is

Versions of BIND 8.2 or later provide facilities that make such
man-in-the-middle attacks considerably less likely. Anyone who is serious
about SSL/TLS security should take measures to ensure that Secure DNS is in
operation on at least one server involved in the resolution chain.

Please reply to <> using PGP. My public key can
be found at <>. PGP can be found at
<>. Beginning 11/1/1999, unenciphered
e-mail will be immediately deleted unread. Thank you.