From cmcmanis@scndprsn Mon Oct 2 09:07:33 1995
Why forge it? Why not simply buy a netsite server with a valid certificate. Let's say you paid full list for it $5000. It is the classic MITM attack but the protection against that attack was generally that the parties communicating "knew" each other.
Of course, the attacker would be leaving a very strong pointer back to themselves as evidence.
This is a fundamental weakness of putting the security at the SSL level as opposed to a possibly higher level. With the netscape attack since your client never cares "how" (or to whom) the SSL connection is made, it never shows you the information about where the source key came from. Only that it is valid.
I'm not sure this is really an issue of where the security is layered, but rather a flaw in the use of it, in not requiring the unambiguous specification of the "service name" (what's in the certificate) beforehand, or confirming it after the connection is established. You must have a binding between the target URL and the desired "service name", regardless of whether you have the security protocol in the session layer (SSL) or the application/http layer (Secure-HTTP). - Don