Netscape's use of SSL
Sun, 07 Nov 1999 11:19:12 -0800
Norm Hardy wrote:
> It is tedious to check the cert on each URL reference (about 10 sec when
> you rember exactly how). Commonly the "name on the cert" is the domain name
> from the URL. I have seen exceptions. The danger for not checking is DNS
> spoofing that directs the URL reference to a site with a cert, but not the
> one you planned to visit. The bogus site learms the swiss nmber and the jig is
Versions of BIND 8.2 or later provide facilities that make such
man-in-the-middle attacks considerably less likely. Anyone who is serious
about SSL/TLS security should take measures to ensure that Secure DNS is in
operation on at least one server involved in the resolution chain.
Please reply to <mailto:firstname.lastname@example.org> using PGP. My public key can
be found at <http://pgpkeys.mit.edu:11371>. PGP can be found at
<http://web.mit.edu/network/pgp.html>. Beginning 11/1/1999, unenciphered
e-mail will be immediately deleted unread. Thank you.