An attack on paypal

Matt Crawford crawdad at fnal.gov
Wed Jun 11 12:13:25 PDT 2003


> The worst trouble I've had with https is that you have no way to use host
> header names to differentiate between sites that require different SSL
> certificates.

True as written, but Netscrape ind Internet Exploder each have a hack
for honoring the same cert for multiple server names.  Opera seems to
honor at least one of the two hacks, and a cert can incorporate both
at once.

	/C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services
	/CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov
	/CN=bravo.fnal.gov/CN=charlie.fnal.gov

> So you need to waste IP's for this.

Waste?  Heck no, that's what they're for!





More information about the cypherpunks-legacy mailing list